From no-reply at openstack.org Mon Jan 3 10:25:06 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:25:06 -0000 Subject: [release-announce] aodhclient 2.3.1 (xena) Message-ID: We are ecstatic to announce the release of: aodhclient 2.3.1: Python client library for Aodh This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/aodhclient Download the package from: https://pypi.org/project/aodhclient For more details, please see below. Changes in aodhclient 2.3.0..2.3.1 ---------------------------------- 90067b6 Fix aodhclient for pyparse 3.0.6 Diffstat (except docs and test files) ------------------------------------- aodhclient/utils.py | 2 +- 2 files changed, 1 insertion(+), 176 deletions(-) From no-reply at openstack.org Mon Jan 3 10:33:57 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:33:57 -0000 Subject: [release-announce] kolla 12.1.0 (wallaby) Message-ID: We are satisfied to announce the release of: kolla 12.1.0: Kolla OpenStack Deployment This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 12.1.0 ^^^^^^ New Features ************ * Add masakari-dashboard to debian binary horizon image. * Support for Debian/Ubuntu binary (aka packaged) CloudKitty images. * Adds support for the "ironic-neutron-agent" image in Debian and Ubuntu binary images. Also adds support for the "baremetal" ML2 driver in the "neutron-server" image in Debian and Ubuntu binary images. * Improve the way offline scenario are supported: * Switching dumb-init installation to distribution provided packages. * Allow to set group for user. Upgrade Notes ************* * Debian now uses upstream MariaDB repos (thus following Ubuntu images). This is done to avoid issues like the related one and have an easy workaround of pinning to chosen MariaDB version if need arises. Operators may want to reflect this in their repo mirrors and proxies. LP#1944410 * "Gnocchi" version has been updated to "4.4.1". Bug Fixes ********* * Adds an option to the monasca-thresh container which checks if the topology is currently submitted (KOLLA_BOOTSTRAP), with an option to kill it (TOPOLOGY_REPLACE). Topology names and various timeouts may be customized. LP#1808805 * Fixes missing boto3 library required by glance_store. LP#1884259 * Fixes an issue with logs going missing in the Fluentd pipeline by pinning td-agent to 4.0.* also on Debian. LP#1930867 [Debian] * Fix missing default policy files for debian-binary-horizon. LP#1933759 * Fixes user uid inconsistency beetween base and openstack-base debian binary images. LP#1934753 * Add missing pacemaker cli utils to Debian hacluster images. LP#1934788 * Fixes an issue with cinder-volume missing "lsscsi" and "nvme" commands on Debian and Ubuntu. LP#1942038 * Fixes kolla-toolbox ansible.log logging for different users than ansible. LP#1942846 * CentOS "nova-compute" image has "linux-firmware" package removed to save image size by ~500MB. LP#1926801 * Fixes an issue with Elasticsearch curator not working due to too new python elasticsearch library. LP#1941073 * Fixes "Permission denied" issue for swift-recon tool that appears when swift-recon tool tries to access deafult recon_lock_path * Fixes an issue with the logstash image which was incompatible with the last OSS version (7.10) of Elasticsearch. Logstash is now pinned to 7.9. LP#1941754 * Ensures the "nvme-cli" package is present in "nova-compute" images, as it expected by "os-brick". Changes in kolla 12.0.1..12.1.0 ------------------------------- 0b45557bd Ensure nvme-cli is present in nova-compute images 3c33f878c nova-compute: trim image a bit on CentOS f81e7939f Add Swift lock path in Swift containers 6448d3d21 cinder-volume/ubuntu: add lsscsi and nvme c9a71e977 gnocchi: update to 4.4.1 0366a31d2 logstash: pin to 7.9.* for Elasticsearch OSS compatibility fe7b66323 [debian] Use upstream MariaDB 22a003276 toolbox: Move custom Ansible config to global location c978baf14 Fix Elasticsearch Curator f0ffe4050 debian: Change influxdb, rabbitmq and td-agent repos to bullseye 1ec1d8b46 Pin td-agent to 4.0.* also on Debian af76e6703 [doc] Ubuntu has Ceph Pacific in Wallaby+ 333f02a07 Allow build debian/ubuntu-binary cloudkitty images 3567cffb2 ironic-neutron-agent: enable for Debuntu binary 571572a25 Add some system users to fix user uid inconsistencies b7b9d3855 base/deb: bump 'system' groups limit beyond Kolla ones 69a6809b1 Config: allow to set group for user d8eed6c0c Fix naming of CentOS Stream in reno 4a0d2ce11 monasca-thresh: Allow topology check and removal in storm ac18704dd Fix missing pacemaker-cli-utils in Debian hacluster images b927e6a41 Add missing default policy files for debian-binary-horizon a7c5173b3 Add boto3 as s3 dependency for Glance container 57ddaad7a Add masakari-dashboard to debian binary horizon image 25d7f48c1 Improve offline build scenario. Diffstat (except docs and test files) ------------------------------------- .../cloudkitty/cloudkitty-processor/Dockerfile.j2 | 5 +- .../elasticsearch-curator/Dockerfile.j2 | 2 + .../hacluster-pacemaker-remote/Dockerfile.j2 | 6 ++ .../monasca/monasca-thresh/topology_bootstrap.sh | 90 ++++++++++++++++++++++ .../ironic-neutron-agent/Dockerfile.j2 | 5 +- kolla/common/config.py | 16 +++- kolla/image/build.py | 5 +- kolla/template/repos.yaml | 14 ++-- .../add-masakari-dashboard-eae5f216888e5fe0.yaml | 3 + .../notes/bug-1808805-e63af01591f03506.yaml | 8 ++ .../notes/bug-1884259-23bdaa6c1c038a81.yaml | 5 ++ .../notes/bug-1930867-debian-c01f2cd22d8c10f0.yaml | 6 ++ .../notes/bug-1933759-c03e50c243850a49.yaml | 5 ++ .../notes/bug-1934753-98ec4951a0f7373b.yaml | 6 ++ .../notes/bug-1934788-b1fd51f443479fb6.yaml | 5 ++ .../notes/bug-1942038-f1d96ae352f73bd1.yaml | 6 ++ .../notes/bug-1942846-1216faacacba94be.yaml | 5 ++ .../notes/bug-1946801-5f3af3c44e567fcf.yaml | 6 ++ .../notes/centos-8-stream-b5b45ccee94f7cf5.yaml | 2 +- ...cloudkitty-debuntu-binary-09b182fc672b7d77.yaml | 4 + .../debian-mariadb-upstream-75e05cbdaa013abe.yaml | 10 +++ ...untu-ironic-neutron-agent-6534d616b37643a8.yaml | 6 ++ ...fix-elasticsearch-curator-7876896ebbd41ad3.yaml | 6 ++ .../fix-lock-swift-path-9b743367e4014f92.yaml | 5 ++ .../notes/gnocchi-4.4.1-1332afc3c6fca766.yaml | 4 + .../improve_offline_support-e7b2384fb7390184.yaml | 5 ++ .../notes/logstash-7.9-30fd90e921037a8a.yaml | 6 ++ .../notes/nova-nvme-cli-bf940ad0005cac80.yaml | 5 ++ .../notes/set-group-for-user-aa9b3eae69d8f6a0.yaml | 3 + 50 files changed, 341 insertions(+), 56 deletions(-) From no-reply at openstack.org Mon Jan 3 10:34:52 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:34:52 -0000 Subject: [release-announce] kayobe 9.2.0 (victoria) Message-ID: We are gleeful to announce the release of: kayobe 9.2.0: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. 9.2.0 ^^^^^ New Features ************ * Adds a new "kolla_bifrost_use_firewalld" variable used to define whether Bifrost uses firewalld, which is now disabled by default. * Adds support for configuring the "filter" and "gather_subset" arguments for the "setup" module via "kayobe_ansible_setup_filter" and "kayobe_ansible_setup_gather_subset" respectively. These can be used to reduce the number of facts, which can have a significant effect on performance of Ansible. * Adds a new command, "kayobe overcloud facts gather", to gather Ansible facts for overcloud hosts. This may be useful for populating a fact cache. * Adds support for the "metalink" option in custom DNF repositories configured with "dnf_custom_repos" in "dnf.yml". Upgrade Notes ************* * Updates all references to Ansible facts within Kayobe from using individual fact variables to using the items in the "ansible_facts" dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement. Check for facts referenced in local configuration files, and update to use "ansible_facts" before disabling fact variable injection. * Bifrost is now configured to avoid using firewalld, to prevent conflicts with firewall rules set by Kayobe on the seed host. The existing behaviour can be retained by setting "kolla_bifrost_use_firewalld" to "True" in "bifrost.yml". * Removes the workaround for bogus name server entries in some CentOS 7 images, together with the "overcloud_host_image_workaround_resolv_enabled" variable. Bug Fixes ********* * Prevents Bifrost from using firewalld to avoid conflicts with firewall rules set by Kayobe on the seed host. See story 2009252 for more details. * Sets proxy option when using "dnf" during user bootstrapping, before "dnf.conf" is updated. This allows Kayobe to install Python 3 during host configuration when "dnf" requires a proxy to operate. * Fixes an issue bug where introspection data save would fail. See story 2009129 for more details. * Filter out 25 Gigabit Ethernet interface names in the Ironic inspector rule setting node names from interface LLDP switch port descriptions. * Fixes a failure to detect the Kayobe installation prefix when "lib" is present multiple times in the installation path. See story 2009721 for details. Changes in kayobe 9.1.0..9.2.0 ------------------------------ 6180c4d8 docs: Improve all-in-one scenario c0073e7e Fix installation prefix detection 7bade28f CI: always return host configure test results a518ac34 Remove stale config dump from seed hypervisor host configure 0a3ab6e3 Add the missing documentation for mariadb recovery e3af71b6 CI: enable DNF tests on CentOS Stream 8 2d658cdc Set proxy option in early dnf invocation 3e99a3e9 Prevent Bifrost from using firewalld 459b6880 Remove CentOS 7 image resolv.conf workaround 68960f60 Fix IPA builder version typo f8486397 Fix wrong filename in bifrost docs 157e9b9d CI: Fix bashate ignores 8e1b8905 Make setup module arguments configurable b588b805 CI: Disable libvirt debug logs 0cccd22e Add missing quotes to Docker registry TLS example aabb6abf CI: Log disk usage details 30473356 Sync documentation with kolla_openstack_custom_config 46bbe36c CI: build CentOS Stream deployment images b0978e77 Fix typo in IP allocation filename 7bf2ab99 Use ansible_facts to reference facts 18460ecf CI: Fix get_logs.sh docker logs output 11554bd3 CI: Add CentOS Stream 8 750a17c4 Fix overcloud introspection data save 9e98ce3b Add twentyFiveGigE to port descriptions in inspector rules 761665ff dnf: add metalink argument to custom dnf repository 90f07dce Sync Kolla Ansible feature flags aacb2709 Remove stale DIB_DISABLE_KERNEL_CLEANUP references Diffstat (except docs and test files) ------------------------------------- ansible/container-image-build.yml | 4 +- ansible/disable-selinux.yml | 4 +- ansible/dnf.yml | 2 +- ansible/group_vars/all/bifrost | 4 + ansible/group_vars/all/globals | 11 ++ ansible/group_vars/all/inspector | 4 + ansible/group_vars/all/overcloud | 11 -- ansible/group_vars/all/time | 2 +- ansible/host-package-update.yml | 2 +- ansible/kayobe-ansible-user.yml | 6 +- ansible/kayobe-target-venv.yml | 18 ++- ansible/kolla-target-venv.yml | 8 +- ansible/network.yml | 2 + ansible/overcloud-etc-hosts-fixup.yml | 4 +- ansible/overcloud-facts-gather.yml | 10 ++ ansible/overcloud-host-image-workaround-resolv.yml | 35 ----- ansible/overcloud-introspection-data-save.yml | 2 +- ansible/overcloud-ipa-build.yml | 2 +- ansible/overcloud-ipa-images.yml | 4 +- ansible/roles/bootstrap/tasks/main.yml | 4 +- ansible/roles/disable-selinux/tasks/main.yml | 2 +- ansible/roles/dnf/tasks/custom-repo.yml | 3 +- ansible/roles/docker-registry/tasks/config.yml | 16 +- ansible/roles/docker/tasks/main.yml | 2 +- ansible/roles/inspection-store/tasks/config.yml | 4 +- ansible/roles/ipa-images/tasks/main.yml | 8 +- .../kolla-ansible-host-vars/templates/host-vars.j2 | 2 + ansible/roles/kolla-ansible/defaults/main.yml | 2 +- ansible/roles/kolla-ansible/tasks/config.yml | 4 +- ansible/roles/kolla-ansible/tasks/install.yml | 12 +- ansible/roles/kolla-ansible/vars/main.yml | 36 ++++- .../roles/kolla-bifrost/templates/bifrost.yml.j2 | 3 + .../roles/kolla-openstack/templates/ironic.conf.j2 | 2 +- ansible/roles/kolla/defaults/main.yml | 2 +- ansible/roles/kolla/tasks/config.yml | 4 +- ansible/roles/kolla/tasks/install.yml | 12 +- ansible/roles/ssh-known-host/tasks/main.yml | 2 +- ansible/seed-ipa-build.yml | 2 +- ansible/seed-service-upgrade-prep.yml | 2 +- ansible/seed-vm-provision.yml | 8 +- ansible/snat.yml | 4 +- ansible/timezone.yml | 2 +- .../configuration/reference/docker-registry.rst | 4 +- .../configuration/reference/kolla-ansible.rst | 2 + .../configuration/scenarios/all-in-one/index.rst | 82 +++++++++-- .../scenarios/all-in-one/overcloud.rst | 161 +++++++++++++++++---- etc/kayobe/bifrost.yml | 6 +- etc/kayobe/globals.yml | 11 ++ etc/kayobe/ipa.yml | 2 +- etc/kayobe/kolla.yml | 37 ++++- etc/kayobe/overcloud.yml | 11 -- kayobe/ansible.py | 1 + kayobe/cli/commands.py | 30 ++-- kayobe/utils.py | 9 +- playbooks/kayobe-base/pre.yml | 14 ++ playbooks/kayobe-overcloud-base/globals.yml.j2 | 3 + .../kayobe-overcloud-host-configure-base/run.yml | 20 +-- .../kayobe-overcloud-upgrade-base/globals.yml.j2 | 3 + playbooks/kayobe-seed-base/overrides.yml.j2 | 11 +- .../kayobe-seed-upgrade-base/overrides.yml.j2 | 1 + .../notes/ansible-facts-2b3389a2534d47a2.yaml | 10 ++ .../bifrost-use-firewalld-90b69e2ac6eead67.yaml | 16 ++ releasenotes/notes/dnf-proxy-22a6eb457c06a223.yaml | 6 + ...x-introspection-data-save-51001baa37d97084.yaml | 6 + .../inspector-25gbe-port-9bdc3bb354e3dfb6.yaml | 5 + ...stall-prefix-multiple-lib-9288e8c11da3c0bc.yaml | 6 + ...ve-resolv-conf-workaround-4cb484d3a66c4e58.yaml | 6 + .../notes/setup-module-args-2c36e56bf78ab5f0.yaml | 11 ++ .../yum-repository-metalink-26afa7c9f7026539.yaml | 5 + requirements.yml | 28 ++-- roles/kayobe-diagnostics/files/get_logs.sh | 4 +- setup.cfg | 3 + tools/run-bashate.sh | 2 +- zuul.d/jobs.yaml | 37 +++++ zuul.d/nodesets.yaml | 6 + zuul.d/project.yaml | 15 +- 84 files changed, 759 insertions(+), 255 deletions(-) From no-reply at openstack.org Mon Jan 3 10:35:29 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:35:29 -0000 Subject: [release-announce] kolla 13.0.1 (xena) Message-ID: We are glad to announce the release of: kolla 13.0.1: Kolla OpenStack Deployment This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 13.0.1 ^^^^^^ Bug Fixes * CentOS "nova-compute" image has "linux-firmware" package removed to save image size by ~500MB. LP#1926801 * Fixes "Permission denied" issue for swift-recon tool that appears when swift-recon tool tries to access deafult recon_lock_path * Nova images are built without "pypowervm" package. It is needed only for POWER architecture support (which we do not support) and breaks CentOS builds by trying to install (Python 2 only) 'futures' package. * Ensures the "nvme-cli" package is present in "nova-compute" images, as it expected by "os-brick". Changes in kolla 13.0.0..13.0.1 ------------------------------- 24fba48e8 nova: drop pypowervm dependency 56d639283 Ensure nvme-cli is present in nova-compute images c02ec3f8e nova-compute: trim image a bit on CentOS 0d8d2f40c Add Swift lock path in Swift containers Diffstat (except docs and test files) ------------------------------------- releasenotes/notes/bug-1946801-5f3af3c44e567fcf.yaml | 6 ++++++ .../notes/fix-lock-swift-path-9b743367e4014f92.yaml | 5 +++++ .../notes/nova-drop-pypowervm-256048c2a9cd594d.yaml | 6 ++++++ releasenotes/notes/nova-nvme-cli-bf940ad0005cac80.yaml | 5 +++++ 8 files changed, 41 insertions(+), 9 deletions(-) From no-reply at openstack.org Mon Jan 3 10:36:35 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:36:35 -0000 Subject: [release-announce] kolla-ansible 12.3.0 (wallaby) Message-ID: We are pumped to announce the release of: kolla-ansible 12.3.0: Ansible Deployment of Kolla containers This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 12.3.0 ^^^^^^ New Features ************ * Adds a new variable, "disable_firewall", which defaults to "true". If set to "false", then the host firewall will not be disabled during "kolla-ansible bootstrap-servers". * Implements container healthchecks for keystone-fernet container. See blueprint * Implements container healthchecks for memcached services. See blueprint * Implements container healthchecks for nova-spicehtml5proxy service. See blueprint * Adds two new arguments to the "kolla-ansible" command, "--check" and "--diff". They are passed through directly to "ansible- playbook". * Adds "manila_cephfs_filesystem_name" variable to support multi-fs Ceph Pacific+ deloyments. Upgrade Notes ************* * To fix LP#1941940, "nova_libvirt_dimensions" now by default combines with "nova_libvirt_default_dimensions". Please consider this when customising that variable. Security Issues *************** * Fixes "net.ipv4.ip_forward" not to be enabled by Kolla Ansible on the default network namespace. It was enabled on hosts with Neutron L3 Agent (thus in most common setups with OVS and/or Linux Bridge, but not OVN) and allowed, unless users had extra iptables rules to avoid that, any traffic to be accepted for forwarding (as long as it was routable and passed other checks). Users of existing setups are advised to re-evaluate whether they need this sysctl enabled and disable if not necessary. Kolla Ansible will simply no longer try to set this sysctl at all. Neutron L3 Agent handles forwarding enablement per managed namespace. LP#1945453 * Adds mitigation for the Apache Log4j2 Remote Code Execution (RCE) Vulnerability in Elasticsearch - CVE-2021-44228. Bug Fixes ********* * Fixed broken "kolla-toolbox" container when RabbitMQ is disabled and IPv6 is used. LP#1939883 * Fixes inability to attach devices (e.g., volumes via iSCSI/FC) to instances on Debian Bullseye. LP#1941940 * Fixes "mariadb-clustercheck" not to run when there is no HAProxy. LP#1944114 * No longer creates directories for haproxy and swift logs where they are not needed. LP#1945070 * Fixes an issue with multinode MariaDB deployments which could fail the playbook execution on WSREP check due to the new behaviour of Galera 4. LP#1947485. * Fixes an issue on Debian with single node MariaDB deployments with HAProxy disabled. See bug 1947534 for details. * Fixes the generation of "wsrep_cluster_address" in "galera.cnf" when "--limit" is used while deploying MariaDB nodes. LP#1947589 * Fixes an error in placement role which prevents to deploy the placement service when custom policy file is used. LP#1948835 * Fixes missing current Ansible version in the error message. LP#1948979 * Fix octavia role doesn't set the amphora network's gateway_ip LP#1949260 * Only run "configure ovn in ovsdb" task on ovn-controller hosts The task will fail on hosts (like controller nodes) without tunnel interface LP#1953367 * Fixes an issue where the Nova API logs were written to files ending with *-wsgi.log* which affected the processing of these logs in the Fluentd pipeline. LP#1950185 * On slower nodes, the initial grafana startup could experience a timeout failure when the migrations for setting up the database took longer than expected. This has been fixed by increasing the default timeout. The timeout settings can be changed via new parameters "grafana_start_first_node_delay" and "grafana_start_first_node_retries" for the "grafana" role. LP#1769962 * Removes "fix_cephfs_owner.yaml" which related to pre-wallaby Manila's use of subfolders. Post-wallaby Manila now uses cephfs volumes instead, as such this file is no longer required. LP#1938285 LP#1935784 * Removes use of "cephfs_enable_snapshots" in Manila config as this option was removed from Manila in the Wallaby release. Changes in kolla-ansible 12.2.0..12.3.0 --------------------------------------- 3a212faef Added upgrade note for separate nova and cinder keys. 4af71d367 [docs] Mark init-runonce properly b30b42c63 ovn: configure ovn in ovsdb only on ovn-controller hosts f35e44aaf [Security] Add log4j vulnerability mitigation in Elasticsearch d7ebe7c24 Bump timeout for grafana startup 331167403 docs: Manila CephFS Driver in Wallaby upgrade note 69810fd42 Fix monasca-thresh upgrade a4c46d86f docs: stop installing kolla in quickstart a1e7fa276 CI: Test minimum and maximum supported ansible versions bf7f20932 Specify log file name for Nova API 4e07d6cb7 Replace auth_uri with www_authenticate_uri b6f28ee2e docs: Install openstack-client with upper constraints 35d8edca0 Remove unexpected } c3c8448b7 haproxy: remove unused tls check condition in config 9a9b609a6 docs: Get release name dynamically e6827412c docs: Parameterize kolla-ansible version and branch edb88e6c3 Stop creating unused cron/logrotate directory c6a04b0f2 docs: Fix python-openstackclient package name and init-runonce path 951a25fac Fix octavia doesn't set subnet gateway_ip c6b27b2a8 mariadb: use add_host to include inactive hosts in shard grouping cea9a84cf Fix broken deploy of placement service 295e86f08 Fix missing Ansible version in the error message 1a1fb8643 mariadb: Do not use wsrep-notify.sh on Debian a61d4e721 docs: Improve info about neutron external interface 94627f1c8 Update Manila deploy steps for Wallaby 8109217a7 [mariadb] Start new nodes serially 1feabf70b Add support for Ironic inspection through DHCP-relay ee32a10a7 Trivial fix shebang in keystone's fernet-node-sync.sh.j2 b9c88463f Correctly create the dhcp_agent.ini and l3_agent.ini 9c4887ae6 Do not set net.ipv4.ip_forward sysctl 229e3f41a Add check and diff options to kolla-ansible 297d1bee2 Do not create haproxy and swift log dirs needlessly b621fd827 Docs: Update to opendev.org domain b08c32e40 Do not enable mariadb-clustercheck when not needed f0169774d Do not become root when searching for custom prometheus alert rules files 3cbb45aeb CI: monasca: ignore exited monasca_thresh container 2ca82dac6 CI: stop setting ceph_nova_user 29d11508d Add disable_firewall variable 3e954e33a Fix neutron upgrade using host limit without controllers 62328e7d8 [CI] Test instance health after upgrade 7c268ee65 Bump libvirtd memlock ulimit dbe94d5fa Zun: Temporarily skip capsule test for ubuntu a42d09d46 Fix kolla-toolbox with IPv6 and disabled RabbitMQ 3bbf1a80b Use Docker healthchecks for memcached services 61917194c Use Docker healthchecks for keystone-fernet container 7755ef65d Use Docker healthchecks for nova-spicehtml5proxy service Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 3 + ansible/roles/baremetal/defaults/main.yml | 3 + ansible/roles/baremetal/tasks/install.yml | 56 ++++++----- ansible/roles/common/tasks/config.yml | 3 +- .../common/templates/conf/output/00-local.conf.j2 | 4 + ansible/roles/common/templates/fluentd.json.j2 | 4 + .../roles/common/templates/kolla-toolbox.json.j2 | 4 +- ansible/roles/cyborg/templates/cyborg.conf.j2 | 2 +- ansible/roles/elasticsearch/defaults/main.yml | 2 +- ansible/roles/grafana/defaults/main.yml | 3 + ansible/roles/grafana/handlers/main.yml | 4 +- .../roles/haproxy/templates/haproxy_main.cfg.j2 | 2 - ansible/roles/keystone/defaults/main.yml | 14 +++ ansible/roles/keystone/tasks/config.yml | 1 + .../keystone/templates/fernet-healthcheck.sh.j2 | 6 ++ .../keystone/templates/fernet-node-sync.sh.j2 | 32 +++--- ansible/roles/keystone/templates/fernet-push.sh.j2 | 16 +++ .../keystone/templates/keystone-fernet.json.j2 | 6 ++ ansible/roles/manila/defaults/main.yml | 7 ++ ansible/roles/manila/tasks/deploy.yml | 5 - ansible/roles/manila/tasks/fix_cephfs_owner.yml | 85 ---------------- .../roles/manila/templates/manila-share.conf.j2 | 8 +- ansible/roles/mariadb/defaults/main.yml | 11 +-- ansible/roles/mariadb/handlers/main.yml | 6 ++ ansible/roles/mariadb/tasks/config.yml | 1 + ansible/roles/mariadb/tasks/main.yml | 6 +- ansible/roles/mariadb/templates/galera.cnf.j2 | 2 +- ansible/roles/mariadb/templates/mariadb.json.j2 | 2 +- ansible/roles/memcached/defaults/main.yml | 14 +++ ansible/roles/memcached/handlers/main.yml | 1 + ansible/roles/memcached/tasks/check-containers.yml | 1 + ansible/roles/monasca/tasks/upgrade.yml | 1 + ansible/roles/neutron/tasks/config-host.yml | 1 - ansible/roles/neutron/tasks/rolling_upgrade.yml | 2 +- ansible/roles/neutron/templates/dhcp_agent.ini.j2 | 2 + ansible/roles/neutron/templates/l3_agent.ini.j2 | 2 + ansible/roles/nova-cell/defaults/main.yml | 26 ++++- ansible/roles/nova/templates/nova.conf.j2 | 5 +- ansible/roles/octavia/tasks/prepare.yml | 2 +- ansible/roles/ovn/tasks/bootstrap.yml | 1 + ansible/roles/placement/tasks/config.yml | 2 +- ansible/roles/prometheus/tasks/config.yml | 1 - .../bootstrap-servers.rst | 2 + .../reference/networking/neutron-extensions.rst | 10 ++ .../reference/networking/provider-networks.rst | 21 ---- .../orchestration-and-nfv/tacker-guide.rst | 27 ++--- .../reference/storage/external-ceph-guide.rst | 14 +++ etc/kolla/globals.yml | 9 +- .../notes/bug-1939883-dbfca874b138cfe9.yaml | 6 ++ .../notes/bug-1941940-c63265ea6ea2f594.yaml | 11 +++ .../notes/bug-1944114-fa2a266c014c64a9.yaml | 5 + .../notes/bug-1945070-965635387a8581f9.yaml | 6 ++ .../notes/bug-1945453-c410cc090cb85feb.yaml | 16 +++ .../notes/bug-1947485-d059864252fb1813.yaml | 7 ++ .../notes/bug-1947534-bf3b5ed19473015f.yaml | 6 ++ .../notes/bug-1947589-52e7a6fa5d82e7fa.yaml | 6 ++ .../notes/bug-1948835-51b15ddbef04d307.yaml | 6 ++ .../notes/bug-1948979-aaf2a93cc016ffb1.yaml | 5 + .../notes/bug-1949260-34d82ecd677dd8ff.yaml | 5 + .../notes/bug-1953367-61591a7f3ecf28ce.yaml | 7 ++ ...ix-nova-api-log-file-name-9a377525e73012de.yaml | 7 ++ .../notes/disable-firewall-1e1955168c717cb5.yaml | 6 ++ ...-start-first-node-timeout-f9a6149cc68153a5.yaml | 10 ++ ...hecks-for-keystone-fernet-a63033e2b95ecb2f.yaml | 6 ++ ...ealthchecks-for-memcached-807b9036c3c92596.yaml | 6 ++ ...-for-nova-spicehtml5proxy-a9cf93c15c0a8966.yaml | 6 ++ .../notes/kolla-ansible-diff-50de16722aa155dc.yaml | 5 + .../notes/security-log4j-1be047799f8e590a.yaml | 5 + .../support-manila-wallaby-2e29e866af0d6287.yaml | 15 +++ tools/kolla-ansible | 20 +++- 84 files changed, 691 insertions(+), 279 deletions(-) From no-reply at openstack.org Mon Jan 3 10:36:39 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:36:39 -0000 Subject: [release-announce] kayobe 10.1.0 (wallaby) Message-ID: We are jazzed to announce the release of: kayobe 10.1.0: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. 10.1.0 ^^^^^^ New Features ************ * Adds support for configuring apt's proxy setting for Ubuntu hosts. See story 2009035 (https://storyboard.openstack.org/#!/story/2009035) for details. * Adds a new "kolla_bifrost_use_firewalld" variable used to define whether Bifrost uses firewalld, which is now disabled by default. * Adds support for configuring the "filter" and "gather_subset" arguments for the "setup" module via "kayobe_ansible_setup_filter" and "kayobe_ansible_setup_gather_subset" respectively. These can be used to reduce the number of facts, which can have a significant effect on performance of Ansible. * Adds a new command, "kayobe overcloud facts gather", to gather Ansible facts for overcloud hosts. This may be useful for populating a fact cache. * Adds support for the "metalink" option in custom DNF repositories configured with "dnf_custom_repos" in "dnf.yml". Upgrade Notes ************* * Updates all references to Ansible facts within Kayobe from using individual fact variables to using the items in the "ansible_facts" dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement. Check for facts referenced in local configuration files, and update to use "ansible_facts" before disabling fact variable injection. * Bifrost is now configured to avoid using firewalld, to prevent conflicts with firewall rules set by Kayobe on the seed host. The existing behaviour can be retained by setting "kolla_bifrost_use_firewalld" to "True" in "bifrost.yml". Bug Fixes ********* * Prevents Bifrost from using firewalld to avoid conflicts with firewall rules set by Kayobe on the seed host. See story 2009252 for more details. * Sets proxy option when using "dnf" during user bootstrapping, before "dnf.conf" is updated. This allows Kayobe to install Python 3 during host configuration when "dnf" requires a proxy to operate. * Fixes an issue bug where introspection data save would fail. See story 2009129 for more details. * Fixes an issue with configuration validation when no public API network is in use. See story 2009134 for details. * Filter out 25 Gigabit Ethernet interface names in the Ironic inspector rule setting node names from interface LLDP switch port descriptions. * Fixes a failure to detect the Kayobe installation prefix when "lib" is present multiple times in the installation path. See story 2009721 for details. * Fixes an issue with systemd-networkd MTU mismatch in veth pair on Ubuntu. See story 2009072 for details. Changes in kayobe 10.0.1..10.1.0 -------------------------------- 45875477 docs: Improve all-in-one scenario bf7ef2ae Fix installation prefix detection 4a76d800 CI: always return host configure test results fb86cd16 CI: enable DNF tests on CentOS Stream 8 e0133df2 Set proxy option in early dnf invocation a5c2a24a Remove stale config dump from seed hypervisor host configure 27712155 CI: Disable heat in upgrade jobs to save disk space c24fcca8 Add the missing documentation for mariadb recovery adb52541 Prevent Bifrost from using firewalld 7fbc1a3e Fix IPA builder version typo 929ae0ab Fix wrong filename in bifrost docs 2164c6b2 Add support for apt proxy setting 0854692a CI: Fix bashate ignores 367c6bc0 Make setup module arguments configurable fc638e4e CI: Disable libvirt debug logs b6cc4c52 Add missing quotes to Docker registry TLS example 00ca1ecf CI: Log disk usage details 39381ad3 Sync documentation with kolla_openstack_custom_config 6e480612 Fix typo in IP allocation filename 0233ddb1 Use ansible_facts to reference facts a2e980d1 CI: Fix get_logs.sh docker logs output 6b6485a6 Allow passing arguments to dev/environment-setup.sh a906d26f Fix overcloud introspection data save ac094088 Fix configuration check without public API network bf470af5 docs: fix heading styles in upgrading page fb56c037 Fix documentation links for routed control plane networks 39fbb063 Add twentyFiveGigE to port descriptions in inspector rules e14231c8 dnf: add metalink argument to custom dnf repository 27ccf48f Sync Kolla Ansible feature flags af6495fa Ubuntu: Set MTU for veth in the network files 9ca07b85 Use stream8 images with molecule 69d2b648 Remove stale DIB_DISABLE_KERNEL_CLEANUP references Diffstat (except docs and test files) ------------------------------------- ansible/apt.yml | 12 ++ ansible/compute-node-discovery.yml | 4 +- ansible/container-image-build.yml | 4 +- ansible/disable-selinux.yml | 4 +- ansible/dnf.yml | 2 +- ansible/group_vars/all/apt | 6 + ansible/group_vars/all/bifrost | 4 + ansible/group_vars/all/globals | 11 ++ ansible/group_vars/all/inspector | 4 + ansible/group_vars/all/time | 2 +- ansible/host-package-update.yml | 2 +- ansible/idrac-bootstrap.yml | 4 +- ansible/kayobe-ansible-user.yml | 6 +- ansible/kayobe-target-venv.yml | 22 +-- ansible/kolla-ansible.yml | 4 +- ansible/kolla-target-venv.yml | 12 +- ansible/network.yml | 2 +- ansible/overcloud-etc-hosts-fixup.yml | 4 +- ansible/overcloud-facts-gather.yml | 10 ++ ansible/overcloud-introspection-data-save.yml | 2 +- ansible/overcloud-ipa-build.yml | 2 +- ansible/overcloud-ipa-images.yml | 4 +- ansible/public-openrc.yml | 2 +- ansible/roles/apt/defaults/main.yml | 12 ++ ansible/roles/apt/tasks/main.yml | 17 +++ ansible/roles/apt/templates/01proxy.j2 | 8 + ansible/roles/bootstrap/tasks/main.yml | 8 +- ansible/roles/dev-tools/tasks/main.yml | 4 +- ansible/roles/disable-selinux/tasks/main.yml | 6 +- ansible/roles/dnf/tasks/custom-repo.yml | 3 +- ansible/roles/docker-registry/tasks/config.yml | 16 +- ansible/roles/docker/tasks/main.yml | 2 +- ansible/roles/inspection-store/tasks/config.yml | 4 +- ansible/roles/ipa-images/tasks/main.yml | 4 +- .../kolla-ansible-host-vars/templates/host-vars.j2 | 2 + ansible/roles/kolla-ansible/defaults/main.yml | 2 +- ansible/roles/kolla-ansible/tasks/config.yml | 4 +- ansible/roles/kolla-ansible/tasks/install.yml | 16 +- .../roles/kolla-ansible/templates/globals.yml.j2 | 4 + ansible/roles/kolla-ansible/vars/main.yml | 1 - .../roles/kolla-bifrost/templates/bifrost.yml.j2 | 3 + .../kolla-openstack/molecule/default/molecule.yml | 4 +- .../molecule/enable-everything/molecule.yml | 4 +- .../roles/kolla-openstack/templates/ironic.conf.j2 | 2 +- ansible/roles/kolla/defaults/main.yml | 2 +- ansible/roles/kolla/tasks/config.yml | 4 +- ansible/roles/kolla/tasks/install.yml | 18 +-- ansible/roles/network-redhat/tasks/main.yml | 2 + ansible/roles/ntp/tasks/prepare.yml | 4 +- ansible/roles/pip/tasks/pip_conf.yml | 4 +- ansible/roles/snat/tasks/main.yml | 4 +- ansible/roles/ssh-known-host/tasks/main.yml | 2 +- ansible/roles/swift-block-devices/tasks/main.yml | 4 +- ansible/roles/veth/tasks/main.yml | 2 +- ansible/roles/wipe-disks/tasks/main.yml | 4 +- ansible/seed-ipa-build.yml | 2 +- ansible/seed-service-upgrade-prep.yml | 2 +- ansible/seed-vm-provision.yml | 8 +- ansible/snat.yml | 4 +- ansible/time.yml | 2 +- dev/environment-setup.sh | 7 +- dev/functions | 2 +- dev/tenks-deploy-config-compute.yml | 2 +- .../configuration/reference/docker-registry.rst | 4 +- .../configuration/reference/kolla-ansible.rst | 4 +- .../reference/routed-control-plane-networks.rst | 8 +- .../configuration/scenarios/all-in-one/index.rst | 83 +++++++++-- .../scenarios/all-in-one/overcloud.rst | 162 +++++++++++++++++---- etc/kayobe/apt.yml | 6 + etc/kayobe/bifrost.yml | 6 +- etc/kayobe/globals.yml | 11 ++ etc/kayobe/ipa.yml | 2 +- etc/kayobe/kolla.yml | 1 - kayobe/ansible.py | 1 + kayobe/cli/commands.py | 32 ++-- kayobe/plugins/filter/networkd.py | 14 +- kayobe/utils.py | 9 +- playbooks/kayobe-base/pre.yml | 14 ++ playbooks/kayobe-overcloud-base/globals.yml.j2 | 3 + .../kayobe-overcloud-host-configure-base/run.yml | 20 +-- .../kayobe-overcloud-upgrade-base/globals.yml.j2 | 3 + .../kayobe-overcloud-upgrade-base/overrides.yml.j2 | 3 + .../add-apt-proxy-support-f688702868095ed0.yaml | 6 + .../notes/ansible-facts-2b3389a2534d47a2.yaml | 10 ++ .../bifrost-use-firewalld-90b69e2ac6eead67.yaml | 16 ++ releasenotes/notes/dnf-proxy-22a6eb457c06a223.yaml | 6 + ...x-introspection-data-save-51001baa37d97084.yaml | 6 + ...ix-precheck-no-public-net-c0db9168063b6203.yaml | 6 + .../inspector-25gbe-port-9bdc3bb354e3dfb6.yaml | 5 + ...stall-prefix-multiple-lib-9288e8c11da3c0bc.yaml | 6 + .../notes/setup-module-args-2c36e56bf78ab5f0.yaml | 11 ++ .../notes/story-2009072-57e5d079e182e763.yaml | 6 + .../yum-repository-metalink-26afa7c9f7026539.yaml | 5 + requirements.yml | 30 ++-- roles/kayobe-diagnostics/files/get_logs.sh | 4 +- setup.cfg | 3 + tools/run-bashate.sh | 2 +- 107 files changed, 835 insertions(+), 262 deletions(-) From no-reply at openstack.org Mon Jan 3 10:37:22 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:37:22 -0000 Subject: [release-announce] kayobe 11.0.1 (xena) Message-ID: We are psyched to announce the release of: kayobe 11.0.1: Deployment of OpenStack to bare metal using OpenStack kolla and bifrost This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kayobe Download the package from: https://tarballs.openstack.org/kayobe/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/kayobe For more details, please see below. 11.0.1 ^^^^^^ Bug Fixes * Fixes a failure to detect the Kayobe installation prefix when "lib" is present multiple times in the installation path. See story 2009721 for details. Changes in kayobe 11.0.0..11.0.1 -------------------------------- 846e9c92 docs: Improve all-in-one scenario 94e345e4 Document seed_enable_snat fde9b65c CI: Use correct TD agent repository version b01173b1 Fix installation prefix detection 8e6a66bf CI: always return host configure test results Diffstat (except docs and test files) ------------------------------------- .../configuration/scenarios/all-in-one/index.rst | 83 +++++++++-- .../scenarios/all-in-one/overcloud.rst | 156 +++++++++++++++++---- kayobe/utils.py | 9 +- .../overrides.yml.j2 | 2 +- .../kayobe-overcloud-host-configure-base/run.yml | 20 +-- ...stall-prefix-multiple-lib-9288e8c11da3c0bc.yaml | 6 + 8 files changed, 233 insertions(+), 61 deletions(-) From no-reply at openstack.org Mon Jan 3 10:39:02 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:39:02 -0000 Subject: [release-announce] kolla 11.2.0 (victoria) Message-ID: We are amped to announce the release of: kolla 11.2.0: Kolla OpenStack Deployment This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. 11.2.0 ^^^^^^ New Features ************ * Improve the way offline scenario are supported: * Switching dumb-init installation to distribution provided packages. Upgrade Notes ************* * Debian now uses upstream MariaDB repos (thus following Ubuntu images). This is done to avoid issues like the related one and have an easy workaround of pinning to chosen MariaDB version if need arises. Operators may want to reflect this in their repo mirrors and proxies. LP#1944410 Bug Fixes ********* * Adds an option to the monasca-thresh container which checks if the topology is currently submitted (KOLLA_BOOTSTRAP), with an option to kill it (TOPOLOGY_REPLACE). Topology names and various timeouts may be customized. LP#1808805 * Fixes missing boto3 library required by glance_store. LP#1884259 * Fixes an issue with logs going missing in the Fluentd pipeline by pinning td-agent to 4.0.* also on Debian. LP#1930867 [Debian] * Fixes an issue with cinder-volume missing "lsscsi" and "nvme" commands on Debian and Ubuntu. LP#1942038 * CentOS "nova-compute" image has "linux-firmware" package removed to save image size by ~500MB. LP#1926801 * Fixes "Permission denied" issue for swift-recon tool that appears when swift-recon tool tries to access deafult recon_lock_path * Ensures the "nvme-cli" package is present in "nova-compute" images, as it expected by "os-brick". Other Notes *********** * CentOS images are now buildable using CentOS 8 Stream as a base. Changes in kolla 11.1.0..11.2.0 ------------------------------- d034341d5 Ensure nvme-cli is present in nova-compute images 2774e59ca nova-compute: trim image a bit on CentOS 0bc8f2a33 Add Swift lock path in Swift containers 49a5b7e55 cinder-volume/ubuntu: add lsscsi and nvme 8c9bcb0e7 [debian] Use upstream MariaDB 16b501fa8 Pin td-agent to 4.0.* also on Debian d2e8ebe7f [CI] Fix periodic publish of centos8 images d483339f3 [doc] Fix Ceph sources 01f0dae4c Unify curl options 3978b25cf monasca-thresh: Allow topology check and removal in storm 47ec54f77 CentOS Stream: update kolla-ansible Zuul jobs 2877c2c40 Add support for CentOS 8 Stream 865e3f1bb Improve offline build scenario. 1aba4e72a Add boto3 as s3 dependency for Glance container Diffstat (except docs and test files) ------------------------------------- .zuul.d/base.yaml | 12 +++ .zuul.d/centos.yaml | 111 +++++++++++++++++++++ .../monasca/monasca-thresh/topology_bootstrap.sh | 90 +++++++++++++++++ .../prometheus-alertmanager/Dockerfile.j2 | 2 +- .../prometheus-blackbox-exporter/Dockerfile.j2 | 2 +- .../prometheus/prometheus-cadvisor/Dockerfile.j2 | 2 +- .../Dockerfile.j2 | 2 +- .../prometheus-haproxy-exporter/Dockerfile.j2 | 2 +- .../prometheus-memcached-exporter/Dockerfile.j2 | 2 +- .../prometheus-mysqld-exporter/Dockerfile.j2 | 2 +- .../prometheus-node-exporter/Dockerfile.j2 | 2 +- .../prometheus-openstack-exporter/Dockerfile.j2 | 2 +- kolla/template/repos.yaml | 2 + .../notes/bug-1808805-e63af01591f03506.yaml | 8 ++ .../notes/bug-1884259-23bdaa6c1c038a81.yaml | 5 + .../notes/bug-1930867-debian-c01f2cd22d8c10f0.yaml | 6 ++ .../notes/bug-1942038-f1d96ae352f73bd1.yaml | 6 ++ .../notes/bug-1946801-5f3af3c44e567fcf.yaml | 6 ++ .../notes/centos-8-stream-b5b45ccee94f7cf5.yaml | 5 + .../debian-mariadb-upstream-75e05cbdaa013abe.yaml | 10 ++ .../fix-lock-swift-path-9b743367e4014f92.yaml | 5 + .../improve_offline_support-e7b2384fb7390184.yaml | 5 + .../notes/nova-nvme-cli-bf940ad0005cac80.yaml | 5 + 48 files changed, 384 insertions(+), 57 deletions(-) From no-reply at openstack.org Mon Jan 3 10:39:17 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:39:17 -0000 Subject: [release-announce] kolla-ansible 11.2.0 (victoria) Message-ID: We are tickled pink to announce the release of: kolla-ansible 11.2.0: Ansible Deployment of Kolla containers This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 11.2.0 ^^^^^^ New Features ************ * Add new option prometheus_openstack_exporter_timeout to override default scrape_timeout for openstack exporter job. * Adds support for elasticsearch storage backend with cloudkitty: That feature let you store cloudkitty rating documents directly within your elasticsearch cluster. If you already have an elasticsearch cluster running for logging it create a new cloudkitty specific index. That let you use kibana, grafana or any other interface to browse your rating data and create appropriate dashboard or build an appropriate billing service over it. Adds support for prometheus as a fetcher/collector for cloudkitty: That feature let you use prometheus metrics as your source of rating. Using prometheus let you rate pretty much any openstack object directly from the kolla provided exporters (Openstack_exporter) or your own customs exporters. * Adds config parameter "haproxy_nova_spicehtml5_proxy_tunnel_timeout" to configure the "Tunnel TimeOut" directive for spicehtml5proxy haproxy service. * Adds a new variable, "disable_firewall", which defaults to "true". If set to "false", then the host firewall will not be disabled during "kolla-ansible bootstrap-servers". * Adds two new variables "service_images_pull_retries" and "service_images_pull_delay" which control the behaviour of image pulling tasks. These are useful if your registry is not 100% reliable (usually due to load). The defaults have been set to 3 retries and 5 seconds delay to ensure a better default experience (these are actually Ansible defaults when task retries are enabled). * It is now possible to use Neutron DHCP agent together with OVN networking. New variable is added to control this feature: "neutron_ovn_dhcp_agent", defaulting to "no". * Adds support for configuring the "filter" and "gather_subset" arguments for the "setup" module via "kolla_ansible_setup_filter" and "kolla_ansible_setup_gather_subset" respectively. These can be used to reduce the number of facts, which can have a significant effect on performance of Ansible. * New variable "ironic_enable_keystone_integration" was added. It helps to add keystone connection information into "ironic.conf" if we want to connect to existing keystone (not installing it at the same time). Upgrade Notes ************* * Updates all references to Ansible facts within Kolla Ansible from using individual fact variables to using the items in the "ansible_facts" dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement. Check for facts referenced in local configuration files, and update to use "ansible_facts" before disabling fact variable injection. * Modifies the default value of "ceph_nova_user" from "nova" to the value of "ceph_cinder_user", in line with the default for "ceph_nova_keyring". Users who have overridden "ceph_nova_keyring" to use separate keyrings for Nova and Cinder should also override "ceph_nova_user" to match the Nova keyring. LP#1934145 * Modifies the default value of "rabbitmq_server_additional_erl_args" from an empty string to "+S 2:2 +sbwt none +sbwtdcpu none +sbwtdio none". Security Issues *************** * Fixes "net.ipv4.ip_forward" not to be enabled by Kolla Ansible on the default network namespace. It was enabled on hosts with Neutron L3 Agent (thus in most common setups with OVS and/or Linux Bridge, but not OVN) and allowed, unless users had extra iptables rules to avoid that, any traffic to be accepted for forwarding (as long as it was routable and passed other checks). Users of existing setups are advised to re-evaluate whether they need this sysctl enabled and disable if not necessary. Kolla Ansible will simply no longer try to set this sysctl at all. Neutron L3 Agent handles forwarding enablement per managed namespace. LP#1945453 * Adds mitigation for the Apache Log4j2 Remote Code Execution (RCE) Vulnerability in Elasticsearch - CVE-2021-44228. Bug Fixes ********* * Fixes monasca-thresh to correctly submit the topology to Storm. The previous container ran the topology in local mode (within the container), and didn't use the Storm cloud. The new container handles submitting the topology to Storm and also handles killing and replaces the topology when it's configuration has changed. As a result, the monasca-thresh container is only used for submission, and exits after that's completed. The logs for the topology will now be available in the storm worker-artifact logs. LP#1808805 * Fixes an issue where configuration in containers could become stale. This prevented containers with updated configuration from being restarted, e.g., if the "kolla-ansible genconfig" and "kolla- ansible deploy-containers" commands were used together. LP#1848775 * Fixes elasticsearch fluentd output being enabled when elasticsearch is not enabled. LP#1927880 * Fixes an issue with timesync checks on deployment host. See bug 1933347 for details. * Fixes horizon's healthcheck when SSL is turned on. LP#1933846 * Fixes an issue seen when customising the Docker Yum repository URL on CentOS, where the "docker_yum_gpgkey" variable is not used consistently. LP#1934913 * Fixes an issue where spice console is freezed after while, see LP#1938549. * Fixes Masakari in multi-region deployments to query Nova API in its own region. LP#1939291 * Fixes nova's healthchecks when upgrading from previous version. LP#1939679 * Fixed broken "kolla-toolbox" container when RabbitMQ is disabled and IPv6 is used. LP#1939883 * Fixes "mariadb-clustercheck" not to run when there is no HAProxy. LP#1944114 * No longer creates directories for haproxy and swift logs where they are not needed. LP#1945070 * Fixes an error in placement role which prevents to deploy the placement service when custom policy file is used. LP#1948835 * Fixes missing current Ansible version in the error message. LP#1948979 * Fix octavia role doesn't set the amphora network's gateway_ip LP#1949260 * Fixes an issue where the Nova API logs were written to files ending with *-wsgi.log* which affected the processing of these logs in the Fluentd pipeline. LP#1950185 * Fixes an issue with Cyborg deployment. LP#1937911 * Fixes an issue with "config.json" for "neutron-server" when a VMware plugin agent is used. * On slower nodes, the initial grafana startup could experience a timeout failure when the migrations for setting up the database took longer than expected. This has been fixed by increasing the default timeout. The timeout settings can be changed via new parameters "grafana_start_first_node_delay" and "grafana_start_first_node_retries" for the "grafana" role. LP#1769962 * Fixes an issue with Neutron "linuxbridge" ML2 agent when "neutron_external_interface" includes multiple interfaces. LP#1863935 * Fixes an issue with Manila configuration which was missing a "[glance]" section, preventing some drivers from operating. * Fixes an issue with default Nova configuration for Ceph where the RBD user is set to "nova", but only a "cinder" keyring is copied. The default value of "ceph_nova_user" is changed to the value of "ceph_cinder_user", in line with the default for "ceph_nova_keyring". LP#1934145 * Fixes an issue where RabbitMQ consumes a large amount of CPU, particularly on multi-core systems. The default RabbitMQ tuning assumes that RabbitMQ is running on a dedicated host, which is the opposite of a typical Kolla Ansible container setup. For more details on tuning RabbitMQ in your environment, please see: https://www.rabbitmq.com/runtime.html#busy-waiting https://www.rabbitmq.com/runtime.html#scheduling Other Notes *********** * Optimised image pulling to avoid looping over disabled services. Changes in kolla-ansible 11.1.0..11.2.0 --------------------------------------- f022d47b9 Added upgrade note for separate nova and cinder keys. cb630cce8 [docs] Mark init-runonce properly 143cca58b [Security] Add log4j vulnerability mitigation in Elasticsearch 8c63d9360 Bump timeout for grafana startup d0fe5ab01 Fix monasca-thresh upgrade c80e021ca docs: stop installing kolla in quickstart dc779eeff Replace auth_uri with www_authenticate_uri 03438149e Specify log file name for Nova API c011a608e docs: Install openstack-client with upper constraints 36fdd6cf0 docs: Get release name dynamically 1c031910f docs: Parameterize kolla-ansible version and branch f8cf81bbb Stop creating unused cron/logrotate directory 11451cc9e docs: Fix python-openstackclient package name and init-runonce path 4305edb2f Fix octavia doesn't set subnet gateway_ip 0050062c8 Fix broken deploy of placement service 28d2efc84 Fix missing Ansible version in the error message 3c1418020 Add support for Ironic inspection through DHCP-relay 63f669ce1 Correctly create the dhcp_agent.ini and l3_agent.ini fa3c72514 Do not set net.ipv4.ip_forward sysctl 5b7b32f81 Do not create haproxy and swift log dirs needlessly 0166f707d Docs: Update to opendev.org domain 4eaeb6398 Do not enable mariadb-clustercheck when not needed 6bfa6d0c6 Do not become root when searching for custom prometheus alert rules files 04566adac CI: stop setting ceph_nova_user 4b12a9e32 Add disable_firewall variable 3d8ae1ed5 Fix neutron upgrade using host limit without controllers 744c9af7c Add override timeout for openstack exporter e33e75c06 [CI] Test instance health after upgrade f97e75201 [CI] Cinder upgrade testing 6d7c83e0c Zun: Temporarily skip capsule test for ubuntu 257e6e4a4 Fix kolla-toolbox with IPv6 and disabled RabbitMQ c7d77ff7a CentOS Stream: Use a variable for openstack_tag_suffix 30b95a516 CI: Add centos-8-stream jobs 83d300fc5 Fix Masakari in multi-region deploys fa1823f94 docs: Document CentOS 8 Stream usage 6f1a02dfd Remove an unused file bcc60136a Add ability to retry image pulling 9428e44dc Add Neutron DHCP agent to OVN networking setup d81a36215 Use more RMQ flags for less busy wait 3c3b7f307 Set changed_when to false for group_by tasks a88785236 Fix the Tempest image url variable 9b644f2e2 Fix deployment failure when kolla_dev_mod is enabled 3c6391334 Trivial fix nova's healthchecks 085a0852c fluentd: Fix check for external elasticsearch 69fde698c ironic: Follow up for ironic_enable_keystone_integration 15b8f0799 Refactor and optimise image pulling 8a9048d09 Extra var ironic_enable_keystone_integration added. 0d7f0828e monasca-thresh: Fix topology submission to storm 5e5efd804 baremetal: use docker_yum_gpgkey to fetch docker GPG key f95f846d5 Fix release note for ansible_facts 75c8f4383 neutron: fix neutron-server config.json with VMware fb8dfe4fb Blazar: Fix support for external keystone in multiregion deploy 8aa8e617d nova: Use cinder user for Ceph 913a334e0 Elevated privileges required to set owner/group/mode by ansible 1b020dd1e Fix config action when OVN is enabled 7cc41b391 Check config when checking the containers f1c1567be Fix nova deployment failure when rabbitmq is disabled 1080c8bc9 Fix freezed spice console in horizon 0a11cb0b8 Do not run timesync checks on deployment host 707f6ab6a watcher: add missing become for copying configs f06d6e3ed Trivial fix horizon's healthcheck when SSL turned on ec0687dcd Fix incorrect config of linuxbridge multiple external networks da392e58b Make setup module arguments configurable 3fdb97b94 cyborg: add missing become for api-paste.ini 1d6231069 Add missing elasticsearch cloudkitty storage and prometheus collector backend support. eb52a6f65 Use ansible_facts to reference facts b710fef04 manila: add glance section in manila-share.conf 875a29ff4 docs: Add information on tuning Ansible 6d67d9d97 Fix variable names in Octavia documentation 21cef390e Reduce RabbitMQ busy waiting, lowering CPU load Diffstat (except docs and test files) ------------------------------------- ansible/gather-facts.yml | 14 +- ansible/group_vars/all.yml | 31 ++- ansible/library/kolla_docker.py | 44 +++- ansible/post-deploy.yml | 4 +- ansible/roles/aodh/defaults/main.yml | 8 +- ansible/roles/aodh/tasks/pull.yml | 12 +- ansible/roles/barbican/defaults/main.yml | 6 +- ansible/roles/barbican/tasks/pull.yml | 12 +- ansible/roles/baremetal/defaults/main.yml | 11 +- ansible/roles/baremetal/tasks/install.yml | 72 ++++--- ansible/roles/baremetal/tasks/post-install.yml | 18 +- ansible/roles/baremetal/tasks/pre-install.yml | 16 +- ansible/roles/blazar/defaults/main.yml | 4 +- ansible/roles/blazar/tasks/pull.yml | 12 +- ansible/roles/blazar/templates/blazar.conf.j2 | 2 +- ansible/roles/ceilometer/defaults/main.yml | 8 +- ansible/roles/ceilometer/tasks/pull.yml | 12 +- ansible/roles/chrony/defaults/main.yml | 2 +- ansible/roles/chrony/tasks/pull.yml | 12 +- ansible/roles/cinder/defaults/main.yml | 8 +- ansible/roles/cinder/tasks/pull.yml | 12 +- ansible/roles/cloudkitty/defaults/main.yml | 47 +++- ansible/roles/cloudkitty/tasks/bootstrap.yml | 30 +++ ansible/roles/cloudkitty/tasks/pull.yml | 12 +- .../roles/cloudkitty/templates/cloudkitty.conf.j2 | 34 ++- ansible/roles/collectd/defaults/main.yml | 2 +- ansible/roles/collectd/tasks/pull.yml | 12 +- ansible/roles/common/defaults/main.yml | 6 +- ansible/roles/common/tasks/config.yml | 5 +- ansible/roles/common/tasks/inspect.yml | 6 - ansible/roles/common/tasks/pull.yml | 11 +- .../templates/conf/input/03-rabbitmq.conf.j2 | 2 +- .../common/templates/conf/output/00-local.conf.j2 | 4 + ansible/roles/common/templates/fluentd.json.j2 | 4 + .../roles/common/templates/kolla-toolbox.json.j2 | 4 +- ansible/roles/cyborg/defaults/main.yml | 6 +- ansible/roles/cyborg/tasks/config.yml | 1 + ansible/roles/cyborg/tasks/pull.yml | 12 +- ansible/roles/cyborg/templates/cyborg.conf.j2 | 2 +- ansible/roles/designate/defaults/main.yml | 14 +- ansible/roles/designate/tasks/pull.yml | 12 +- ansible/roles/elasticsearch/defaults/main.yml | 6 +- ansible/roles/elasticsearch/tasks/pull.yml | 12 +- ansible/roles/etcd/defaults/main.yml | 6 +- ansible/roles/etcd/tasks/pull.yml | 12 +- ansible/roles/freezer/defaults/main.yml | 4 +- ansible/roles/freezer/tasks/pull.yml | 12 +- ansible/roles/glance/defaults/main.yml | 8 +- ansible/roles/glance/tasks/pull.yml | 12 +- ansible/roles/gnocchi/defaults/main.yml | 6 +- ansible/roles/gnocchi/tasks/pull.yml | 12 +- ansible/roles/grafana/defaults/main.yml | 5 +- ansible/roles/grafana/handlers/main.yml | 4 +- ansible/roles/grafana/tasks/pull.yml | 9 +- .../templates/haproxy_single_service_listen.cfg.j2 | 2 +- .../templates/haproxy_single_service_split.cfg.j2 | 2 +- ansible/roles/haproxy/defaults/main.yml | 4 +- ansible/roles/haproxy/handlers/main.yml | 1 + ansible/roles/haproxy/tasks/precheck.yml | 6 +- ansible/roles/haproxy/tasks/pull.yml | 12 +- ansible/roles/heat/defaults/main.yml | 6 +- ansible/roles/heat/tasks/pull.yml | 12 +- ansible/roles/horizon/defaults/main.yml | 2 +- ansible/roles/horizon/tasks/pull.yml | 12 +- ansible/roles/horizon/templates/horizon.conf.j2 | 7 +- ansible/roles/influxdb/defaults/main.yml | 2 +- ansible/roles/influxdb/tasks/pull.yml | 9 +- ansible/roles/ironic/defaults/main.yml | 13 +- ansible/roles/ironic/tasks/deploy.yml | 2 +- ansible/roles/ironic/tasks/pull.yml | 12 +- .../ironic/templates/ironic-inspector.conf.j2 | 4 +- ansible/roles/ironic/templates/ironic.conf.j2 | 8 +- ansible/roles/iscsi/defaults/main.yml | 4 +- ansible/roles/iscsi/tasks/precheck.yml | 2 +- ansible/roles/iscsi/tasks/pull.yml | 12 +- ansible/roles/kafka/defaults/main.yml | 2 +- ansible/roles/kafka/tasks/pull.yml | 12 +- ansible/roles/karbor/defaults/main.yml | 6 +- ansible/roles/karbor/tasks/pull.yml | 12 +- ansible/roles/keystone/defaults/main.yml | 6 +- ansible/roles/keystone/tasks/bootstrap_service.yml | 1 + ansible/roles/keystone/tasks/pull.yml | 12 +- ansible/roles/kibana/defaults/main.yml | 2 +- ansible/roles/kibana/tasks/pull.yml | 12 +- ansible/roles/kuryr/defaults/main.yml | 2 +- ansible/roles/kuryr/tasks/pull.yml | 8 +- ansible/roles/magnum/defaults/main.yml | 4 +- ansible/roles/magnum/tasks/pull.yml | 12 +- ansible/roles/manila/defaults/main.yml | 8 +- ansible/roles/manila/tasks/pull.yml | 12 +- .../roles/manila/templates/manila-share.conf.j2 | 14 +- ansible/roles/mariadb/defaults/main.yml | 8 +- ansible/roles/mariadb/tasks/lookup_cluster.yml | 3 + ansible/roles/mariadb/tasks/pull.yml | 12 +- ansible/roles/mariadb/templates/galera.cnf.j2 | 4 +- ansible/roles/masakari/defaults/main.yml | 6 +- ansible/roles/masakari/tasks/clone.yml | 8 +- ansible/roles/masakari/tasks/pull.yml | 12 +- ansible/roles/masakari/templates/masakari.conf.j2 | 1 + ansible/roles/memcached/defaults/main.yml | 4 +- ansible/roles/memcached/tasks/pull.yml | 13 +- ansible/roles/mistral/defaults/main.yml | 8 +- ansible/roles/mistral/tasks/pull.yml | 12 +- ansible/roles/monasca/defaults/main.yml | 23 +- ansible/roles/monasca/handlers/main.yml | 33 ++- ansible/roles/monasca/tasks/check-containers.yml | 1 + ansible/roles/monasca/tasks/config.yml | 4 +- ansible/roles/monasca/tasks/pull.yml | 12 +- ansible/roles/monasca/tasks/upgrade.yml | 14 ++ .../monasca-agent-collector/agent-collector.yml.j2 | 2 +- .../monasca-agent-forwarder/agent-forwarder.yml.j2 | 2 +- .../monasca-agent-statsd/agent-statsd.yml.j2 | 2 +- .../monasca-thresh/monasca-thresh.json.j2 | 2 +- .../monasca/templates/monasca-thresh/storm.yml.j2 | 8 - ansible/roles/multipathd/defaults/main.yml | 2 +- ansible/roles/multipathd/tasks/pull.yml | 12 +- ansible/roles/murano/defaults/main.yml | 4 +- ansible/roles/murano/tasks/pull.yml | 12 +- ansible/roles/neutron/defaults/main.yml | 33 +-- ansible/roles/neutron/tasks/config-host.yml | 1 - ansible/roles/neutron/tasks/pull.yml | 12 +- ansible/roles/neutron/tasks/rolling_upgrade.yml | 2 +- ansible/roles/neutron/templates/dhcp_agent.ini.j2 | 2 + ansible/roles/neutron/templates/l3_agent.ini.j2 | 2 + .../neutron/templates/linuxbridge_agent.ini.j2 | 4 +- ansible/roles/neutron/templates/ml2_conf.ini.j2 | 2 +- .../roles/neutron/templates/neutron-server.json.j2 | 2 +- ansible/roles/neutron/templates/neutron.conf.j2 | 4 +- ansible/roles/nova-cell/defaults/main.yml | 27 ++- ansible/roles/nova-cell/tasks/config-host.yml | 2 +- .../roles/nova-cell/tasks/discover_computes.yml | 8 +- ansible/roles/nova-cell/tasks/loadbalancer.yml | 4 + ansible/roles/nova-cell/tasks/pull.yml | 12 +- ansible/roles/nova-cell/tasks/rabbitmq.yml | 4 +- ansible/roles/nova-cell/tasks/reload.yml | 1 + ansible/roles/nova-cell/templates/nova.conf.j2 | 4 +- ansible/roles/nova/defaults/main.yml | 8 +- ansible/roles/nova/tasks/pull.yml | 12 +- ansible/roles/nova/tasks/reload_api.yml | 1 + .../roles/nova/tasks/reload_super_conductor.yml | 1 + ansible/roles/nova/templates/nova.conf.j2 | 5 +- ansible/roles/octavia/defaults/main.yml | 10 +- ansible/roles/octavia/tasks/openrc.yml | 4 +- ansible/roles/octavia/tasks/prepare.yml | 2 +- ansible/roles/octavia/tasks/pull.yml | 12 +- ansible/roles/openvswitch/defaults/main.yml | 6 +- ansible/roles/openvswitch/tasks/pull.yml | 12 +- ansible/roles/ovn/handlers/main.yml | 4 + ansible/roles/ovn/tasks/pull.yml | 12 +- ansible/roles/ovs-dpdk/defaults/main.yml | 6 +- ansible/roles/ovs-dpdk/tasks/config.yml | 1 + ansible/roles/ovs-dpdk/tasks/pull.yml | 12 +- ansible/roles/panko/defaults/main.yml | 2 +- ansible/roles/panko/tasks/pull.yml | 9 +- ansible/roles/placement/defaults/main.yml | 2 +- ansible/roles/placement/tasks/config.yml | 2 +- ansible/roles/placement/tasks/pull.yml | 12 +- ansible/roles/prechecks/tasks/datetime_checks.yml | 2 +- ansible/roles/prechecks/tasks/host_os_checks.yml | 16 +- ansible/roles/prechecks/tasks/main.yml | 1 + ansible/roles/prechecks/tasks/package_checks.yml | 2 +- ansible/roles/prechecks/tasks/port_checks.yml | 4 +- ansible/roles/prechecks/vars/main.yml | 6 +- ansible/roles/prometheus/defaults/main.yml | 20 +- ansible/roles/prometheus/tasks/config.yml | 1 - ansible/roles/prometheus/tasks/pull.yml | 12 +- .../roles/prometheus/templates/prometheus.yml.j2 | 1 + ansible/roles/qdrouterd/defaults/main.yml | 2 +- ansible/roles/qdrouterd/tasks/precheck.yml | 2 +- ansible/roles/qdrouterd/tasks/pull.yml | 12 +- ansible/roles/qinling/defaults/main.yml | 4 +- ansible/roles/qinling/tasks/pull.yml | 12 +- ansible/roles/rabbitmq/defaults/main.yml | 6 +- ansible/roles/rabbitmq/tasks/precheck.yml | 4 +- ansible/roles/rabbitmq/tasks/pull.yml | 12 +- .../roles/rabbitmq/templates/rabbitmq-env.conf.j2 | 2 +- ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 2 +- ansible/roles/rally/defaults/main.yml | 2 +- ansible/roles/rally/tasks/pull.yml | 12 +- ansible/roles/redis/defaults/main.yml | 4 +- ansible/roles/redis/tasks/pull.yml | 12 +- ansible/roles/sahara/defaults/main.yml | 4 +- ansible/roles/sahara/tasks/pull.yml | 12 +- ansible/roles/searchlight/defaults/main.yml | 4 +- ansible/roles/searchlight/tasks/pull.yml | 12 +- ansible/roles/senlin/defaults/main.yml | 8 +- ansible/roles/senlin/tasks/pull.yml | 12 +- .../roles/service-images-pull/defaults/main.yml | 7 + ansible/roles/service-images-pull/tasks/main.yml | 16 ++ ansible/roles/skydive/defaults/main.yml | 4 +- ansible/roles/skydive/tasks/pull.yml | 12 +- .../skydive/templates/skydive-analyzer.conf.j2 | 2 +- ansible/roles/solum/defaults/main.yml | 8 +- ansible/roles/solum/tasks/pull.yml | 12 +- ansible/roles/solum/templates/solum.conf.j2 | 2 +- ansible/roles/storm/defaults/main.yml | 4 +- ansible/roles/storm/tasks/pull.yml | 12 +- ansible/roles/swift/defaults/main.yml | 6 + ansible/roles/swift/tasks/pull.yml | 24 +++ ansible/roles/tacker/defaults/main.yml | 6 +- ansible/roles/tacker/tasks/pull.yml | 12 +- ansible/roles/telegraf/defaults/main.yml | 2 +- ansible/roles/telegraf/tasks/pull.yml | 12 +- ansible/roles/tempest/defaults/main.yml | 4 +- ansible/roles/tempest/tasks/pull.yml | 12 +- ansible/roles/tempest/templates/tempest.conf.j2 | 2 +- ansible/roles/trove/defaults/main.yml | 6 +- ansible/roles/trove/tasks/pull.yml | 12 +- ansible/roles/vitrage/defaults/main.yml | 10 +- ansible/roles/vitrage/tasks/pull.yml | 12 +- ansible/roles/vmtp/defaults/main.yml | 2 +- ansible/roles/vmtp/tasks/pull.yml | 12 +- ansible/roles/watcher/defaults/main.yml | 6 +- ansible/roles/watcher/tasks/config.yml | 3 + ansible/roles/watcher/tasks/pull.yml | 12 +- ansible/roles/zookeeper/defaults/main.yml | 2 +- ansible/roles/zookeeper/tasks/pull.yml | 12 +- ansible/roles/zookeeper/templates/myid.j2 | 2 +- ansible/roles/zun/defaults/main.yml | 8 +- ansible/roles/zun/tasks/pull.yml | 12 +- ansible/site.yml | 17 ++ .../bootstrap-servers.rst | 2 + .../message-queues/external-rabbitmq-guide.rst | 53 +++++ .../reference/networking/neutron-extensions.rst | 12 +- .../orchestration-and-nfv/tacker-guide.rst | 27 +-- .../reference/storage/external-ceph-guide.rst | 13 +- etc/kolla/globals.yml | 34 ++- kolla_ansible/kolla_address.py | 2 +- ...k-exporter-scrape-timeout-af5dcd5d988ae12b.yaml | 4 + ...eus_support_on_cloudkitty-774e13e363e15a4b.yaml | 17 ++ .../notes/ansible-facts-4279741e84c03ce0.yaml | 10 + .../notes/bug-1808805-3ebd9b0edceff170.yaml | 13 ++ .../notes/bug-1848775-b0625b7586adac96.yaml | 8 + .../notes/bug-1927880-cc407f18f415bbd2.yaml | 6 + .../notes/bug-1933347-4031d94ef7decb3c.yaml | 5 + .../notes/bug-1933846-122a62e9724b638c.yaml | 5 + .../notes/bug-1934913-a8d436e3d0b950b4.yaml | 6 + .../notes/bug-1938549-e73042a61f0a5935.yaml | 10 + .../notes/bug-1939291-bf2e405d286e4b07.yaml | 6 + .../notes/bug-1939679-a31bc2093a4c0000.yaml | 5 + .../notes/bug-1939883-dbfca874b138cfe9.yaml | 6 + .../notes/bug-1944114-fa2a266c014c64a9.yaml | 5 + .../notes/bug-1945070-965635387a8581f9.yaml | 6 + .../notes/bug-1945453-c410cc090cb85feb.yaml | 16 ++ .../notes/bug-1948835-51b15ddbef04d307.yaml | 6 + .../notes/bug-1948979-aaf2a93cc016ffb1.yaml | 5 + .../notes/bug-1949260-34d82ecd677dd8ff.yaml | 5 + ...ix-nova-api-log-file-name-9a377525e73012de.yaml | 7 + .../notes/cyborg-become-8453d941af536e91.yaml | 5 + .../notes/disable-firewall-1e1955168c717cb5.yaml | 6 + .../notes/fix-neutron-vmware-4a8804399d47d8d7.yaml | 5 + ...-start-first-node-timeout-f9a6149cc68153a5.yaml | 10 + .../notes/image-pull-retries-75490c3e6e1e4b54.yaml | 9 + .../notes/linux-bridge-multi-fe8576616fb7d373.yaml | 6 + .../notes/manila-glance-4524ed1e9d488a60.yaml | 5 + .../notes/nova-ceph-user-53670f9ccc546225.yaml | 16 ++ .../ovn-neutron-dhcp-agent-21aaafe5e1cda501.yaml | 6 + ...educe-rabbit-busy-waiting-085433c822165eab.yaml | 13 ++ ...nd-optimise-image-pulling-4346d3c0840ee640.yaml | 4 + .../notes/security-log4j-1be047799f8e590a.yaml | 5 + .../notes/setup-module-args-c29e1815bbbe8aca.yaml | 8 + ...nic-template-for-keystone-1ee5f80fda7a21a0.yaml | 7 + tools/kolla-ansible | 2 +- zuul.d/jobs.yaml | 166 +++++++++++++++ zuul.d/nodesets.yaml | 22 ++ zuul.d/project.yaml | 22 ++ 284 files changed, 2119 insertions(+), 1267 deletions(-) From no-reply at openstack.org Mon Jan 3 10:39:42 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 03 Jan 2022 10:39:42 -0000 Subject: [release-announce] kolla-ansible 13.0.1 (xena) Message-ID: We are jazzed to announce the release of: kolla-ansible 13.0.1: Ansible Deployment of Kolla containers This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 13.0.1 ^^^^^^ Security Issues *************** * Adds mitigation for the Apache Log4j2 Remote Code Execution (RCE) Vulnerability in Elasticsearch - CVE-2021-44228. Bug Fixes ********* * Fixes generation of "cyborg.conf". LP#1941704 * Only run "configure ovn in ovsdb" task on ovn-controller hosts The task will fail on hosts (like controller nodes) without tunnel interface LP#1953367 * Fixes an issue where the Nova API logs were written to files ending with *-wsgi.log* which affected the processing of these logs in the Fluentd pipeline. LP#1950185 * On slower nodes, the initial grafana startup could experience a timeout failure when the migrations for setting up the database took longer than expected. This has been fixed by increasing the default timeout. The timeout settings can be changed via new parameters "grafana_start_first_node_delay" and "grafana_start_first_node_retries" for the "grafana" role. LP#1769962 Other Notes *********** * The container "ironic-dnsmasq" now creates the "dnsmasq.log" just as the container "neutron-dhcp-agent". For both log files verbosity can be increased globally via "openstack_logging_debug" or per service via "ironic_logging_debug" or "neutron_logging_debug" variables. Changes in kolla-ansible 13.0.0..13.0.1 --------------------------------------- 832416e50 Added upgrade note for separate nova and cinder keys. f2c0d1ecc [docs] Mark init-runonce properly 725e2d363 ovn: configure ovn in ovsdb only on ovn-controller hosts 49850986d [Security] Add log4j vulnerability mitigation in Elasticsearch f6ff1a0a5 Bump timeout for grafana startup f51dbdede Update dnsmasq logging 4bc015a50 Finish removing Monasca Log Transformer 4d5d88597 Fix monasca-thresh upgrade 24965250e docs: stop installing kolla in quickstart 2e85dba77 Cleanup leftovers of the removed tempest role f62361371 CI: Test minimum and maximum supported ansible versions be9454ab7 Fix wrong opts in cyborg.conf d88d7b131 Specify log file name for Nova API ea04a3375 docs: Install openstack-client with upper constraints 142800014 haproxy: remove unused tls check condition in config Diffstat (except docs and test files) ------------------------------------- ansible/inventory/all-in-one | 3 -- ansible/inventory/multinode | 3 -- ansible/monasca_cleanup.yml | 1 - .../common/templates/conf/input/00-global.conf.j2 | 1 + ansible/roles/cyborg/templates/cyborg.conf.j2 | 1 + ansible/roles/elasticsearch/defaults/main.yml | 2 +- ansible/roles/grafana/defaults/main.yml | 3 ++ ansible/roles/grafana/handlers/main.yml | 4 +- .../roles/ironic/templates/ironic-dnsmasq.conf.j2 | 6 +++ .../templates/haproxy/haproxy_main.cfg.j2 | 2 - ansible/roles/monasca/defaults/main.yml | 17 --------- ansible/roles/monasca/tasks/upgrade.yml | 1 + ansible/roles/neutron/templates/dnsmasq.conf.j2 | 5 +++ ansible/roles/nova/templates/nova.conf.j2 | 5 ++- ansible/roles/ovn/tasks/bootstrap.yml | 1 + ansible/roles/tempest/defaults/main.yml | 43 ---------------------- ansible/site.yml | 1 - .../reference/networking/neutron-extensions.rst | 10 +++++ .../orchestration-and-nfv/tacker-guide.rst | 27 +++++++------- .../notes/bug-1941704-d31774f4dd56374f.yaml | 5 +++ .../notes/bug-1953367-61591a7f3ecf28ce.yaml | 7 ++++ ...ix-nova-api-log-file-name-9a377525e73012de.yaml | 7 ++++ ...-start-first-node-timeout-f9a6149cc68153a5.yaml | 10 +++++ .../notes/security-log4j-1be047799f8e590a.yaml | 5 +++ .../update-dnsmasq-logging-a5d42f6180aff049.yaml | 7 ++++ 30 files changed, 115 insertions(+), 105 deletions(-) From no-reply at openstack.org Wed Jan 5 15:50:43 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 05 Jan 2022 15:50:43 -0000 Subject: [release-announce] neutron-lib 2.18.1 (yoga) Message-ID: We are satisfied to announce the release of: neutron-lib 2.18.1: Neutron shared routines and utilities This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/neutron-lib Download the package from: https://pypi.org/project/neutron-lib Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. Changes in neutron-lib 2.18.0..2.18.1 ------------------------------------- 76b9a09 Log resource id in the callbacks publish method cb03193 Remove import statement for six Diffstat (except docs and test files) ------------------------------------- neutron_lib/callbacks/manager.py | 5 +++-- tools/pyir.py | 4 +--- 2 files changed, 4 insertions(+), 5 deletions(-) From no-reply at openstack.org Wed Jan 5 16:06:40 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 05 Jan 2022 16:06:40 -0000 Subject: [release-announce] ovsdbapp 1.14.0 (yoga) Message-ID: We are thrilled to announce the release of: ovsdbapp 1.14.0: A library for creating OVSDB applications This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/ovsdbapp Download the package from: https://tarballs.openstack.org/ovsdbapp/ Please report issues through: https://bugs.launchpad.net/ovsdbapp/+bugs For more details, please see below. 1.14.0 ^^^^^^ New Features * Support the new "discard" static route nexthop type. It was added in OVN 21.06. * Added functions and commands to add, delete, list and update records of 'Address_Set' table. * Added functions and commands to add, delete and list gateway chassis of logical router port. * Added function and command to get one logical router port by name or uuid. Changes in ovsdbapp 1.13.0..1.14.0 ---------------------------------- dfc2c0e Move linters dependencies to tox.ini 8a21d5f Allow functional tests to pass on older OVN w/o IC 358d1a5 Remove ovsdb_connection singleton for tests a2d3ef2 Add cooperative_yield() to OvsdbIdl 5d269bf Check WaitEvents for match after other events c33512a Capture test run logging 641b6b8 nb: add support for set of addresses API ad9f462 nb: add support for lrp's gateway chassis API faea171 nb: provide lrp_get method ea0d335 nb: provide 'discard' value for nexthop 7c57344 Add Python3 yoga unit tests Diffstat (except docs and test files) ------------------------------------- ovsdbapp/backend/ovs_idl/connection.py | 3 + ovsdbapp/constants.py | 2 + ovsdbapp/event.py | 47 ++++-- ovsdbapp/schema/ovn_northbound/api.py | 108 +++++++++++++ ovsdbapp/schema/ovn_northbound/commands.py | 136 +++++++++++++++- ovsdbapp/schema/ovn_northbound/impl_idl.py | 32 ++++ .../functional/backend/ovs_idl/test_backend.py | 4 +- .../functional/backend/ovs_idl/test_indexing.py | 22 +-- .../schema/ovn_ic_northbound/fixtures.py | 5 + .../schema/ovn_ic_northbound/test_impl_idl.py | 14 +- .../functional/schema/ovn_northbound/fixtures.py | 10 ++ .../schema/ovn_northbound/test_impl_idl.py | 179 ++++++++++++++++++++- .../functional/schema/ovn_southbound/fixtures.py | 5 + .../schema/ovn_southbound/test_impl_idl.py | 13 +- ovsdbapp/venv.py | 66 ++++++-- ...n-support-discard-nexthop-cdb1d35aceaf4b63.yaml | 4 + .../provide-address-set-api-3cb387b9e571d4ea.yaml | 4 + ...e-lrp-gateway-chassis-api-14e2948183f60cfa.yaml | 4 + .../provide-lrp-get-method-a33a99a7f86b827e.yaml | 4 + test-requirements.txt | 3 - tox.ini | 8 + zuul.d/project.yaml | 2 +- 25 files changed, 709 insertions(+), 80 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 17a2b4b..749805c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5,2 +4,0 @@ -hacking>=3.0.1,<3.1.0 # Apache-2.0 - @@ -11 +8,0 @@ oslotest>=3.2.0 # Apache-2.0 -pylint==2.6.0 # GPLv2 From no-reply at openstack.org Wed Jan 5 16:13:27 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 05 Jan 2022 16:13:27 -0000 Subject: [release-announce] neutron-dynamic-routing 18.1.0 (wallaby) Message-ID: We are overjoyed to announce the release of: neutron-dynamic-routing 18.1.0: Neutron Dynamic Routing This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/neutron-dynamic-routing Download the package from: https://tarballs.openstack.org/neutron-dynamic-routing/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 18.1.0 ^^^^^^ New Features * A new BGP scheduler has been added, called "StaticScheduler". It will not perform any automatic scheduling of speakers to agents, instead relying on API calls to perform explicit scheduling, fulfilling the needs of larger deployments. See also bug 1920065 (https://bugs.launchpad.net/neutron/+bug/1920065). The plan is to make the "StaticScheduler" the default option for the next release and possibly deprecate the current default, "ChanceScheduler". Changes in neutron-dynamic-routing 18.0.0..18.1.0 ------------------------------------------------- c5c8612 Add a StaticScheduler without automatic scheduling 9ebce05 Dropping lower constraints testing (stable Wallaby) c10de7d Fix TypeError when formatting BGP IP address. cf256fa Switch to use neutron-tempest-plugin jobs for Wallaby branch b1e1f70 Update TOX_CONSTRAINTS_FILE for stable/wallaby b716c4f Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 18 +++++++++-- neutron_dynamic_routing/services/bgp/bgp_plugin.py | 2 +- .../bgp/scheduler/bgp_dragent_scheduler.py | 6 ++++ .../add-static-scheduler-a3b0f54b964ae306.yaml | 10 ++++++ tox.ini | 4 +-- 11 files changed, 106 insertions(+), 14 deletions(-) From no-reply at openstack.org Wed Jan 5 16:18:47 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 05 Jan 2022 16:18:47 -0000 Subject: [release-announce] neutron-dynamic-routing 19.1.0 (xena) Message-ID: We are satisfied to announce the release of: neutron-dynamic-routing 19.1.0: Neutron Dynamic Routing This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/neutron-dynamic-routing Download the package from: https://tarballs.openstack.org/neutron-dynamic-routing/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 19.1.0 ^^^^^^ New Features * A new BGP scheduler has been added, called "StaticScheduler". It will not perform any automatic scheduling of speakers to agents, instead relying on API calls to perform explicit scheduling, fulfilling the needs of larger deployments. See also bug 1920065 (https://bugs.launchpad.net/neutron/+bug/1920065). The plan is to make the "StaticScheduler" the default option for the next release and possibly deprecate the current default, "ChanceScheduler". Changes in neutron-dynamic-routing 19.0.0..19.1.0 ------------------------------------------------- 3d5eddd Add a StaticScheduler without automatic scheduling ce8ae8b Dropping lower constraints testing (stable Xena) Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 14 +++++++- .../bgp/scheduler/bgp_dragent_scheduler.py | 6 ++++ .../add-static-scheduler-a3b0f54b964ae306.yaml | 10 ++++++ 7 files changed, 68 insertions(+), 9 deletions(-) From no-reply at openstack.org Thu Jan 6 10:52:29 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 06 Jan 2022 10:52:29 -0000 Subject: [release-announce] aodhclient 2.4.0 (yoga) Message-ID: We are chuffed to announce the release of: aodhclient 2.4.0: Python client library for Aodh This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/aodhclient Download the package from: https://pypi.org/project/aodhclient For more details, please see below. Changes in aodhclient 2.3.0..2.4.0 ---------------------------------- 3a36ed1 Fix aodhclient for pyparse 3.0.6 Diffstat (except docs and test files) ------------------------------------- aodhclient/utils.py | 2 +- 2 files changed, 1 insertion(+), 176 deletions(-) From no-reply at openstack.org Thu Jan 6 11:08:25 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 06 Jan 2022 11:08:25 -0000 Subject: [release-announce] python-zunclient 4.4.0 (yoga) Message-ID: We are tickled pink to announce the release of: python-zunclient 4.4.0: Client Library for Zun This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/python-zunclient Download the package from: https://pypi.org/project/python-zunclient Please report issues through: https://bugs.launchpad.net/python-zunclient/+bugs For more details, please see below. Changes in python-zunclient 4.3.0..4.4.0 ---------------------------------------- 2284443 Python 3.10: Subcomand help test fix 24edb14 Add Python3 yoga unit tests faf7563 Update master for stable/xena dd73280 Remove the unused os-testr package Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- lower-constraints.txt | 1 - releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 ++++++ 5 files changed, 13 insertions(+), 3 deletions(-) From no-reply at openstack.org Thu Jan 6 11:27:30 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 06 Jan 2022 11:27:30 -0000 Subject: [release-announce] oslo.service 2.8.0 (yoga) Message-ID: We eagerly announce the release of: oslo.service 2.8.0: oslo.service library This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/oslo.service Download the package from: https://pypi.org/project/oslo.service Please report issues through: https://bugs.launchpad.net/oslo.service/+bugs For more details, please see below. 2.8.0 ^^^^^ New Features * A new config options, "[DEFAULT] wsgi_server_debug", has been added. This allows admins to configure whether the server should send exception tracebacks to the clients on HTTP 500 errors. This defaults to "False", preserving previous behavior. Changes in oslo.service 2.7.0..2.8.0 ------------------------------------ 6552b9a Make debug option of wsgi server configurable Diffstat (except docs and test files) ------------------------------------- oslo_service/_options.py | 5 +++++ oslo_service/wsgi.py | 2 +- releasenotes/notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml | 7 +++++++ 3 files changed, 13 insertions(+), 1 deletion(-) From no-reply at openstack.org Thu Jan 6 11:28:37 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 06 Jan 2022 11:28:37 -0000 Subject: [release-announce] oslo.cache 2.9.0 (yoga) Message-ID: We are overjoyed to announce the release of: oslo.cache 2.9.0: Cache storage for OpenStack projects. This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/oslo.cache Download the package from: https://pypi.org/project/oslo.cache Please report issues through: https://bugs.launchpad.net/oslo.cache/+bugs For more details, please see below. Changes in oslo.cache 2.8.1..2.9.0 ---------------------------------- d2aef19 Update python testing classifier 8290f80 Drop pymongo useless and removed attribute 316b0d2 Add Python3 yoga unit tests aaae243 Update master for stable/xena 04e3860 fix typo Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- oslo_cache/_opts.py | 2 +- releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 ++++++ setup.cfg | 2 ++ 6 files changed, 11 insertions(+), 4 deletions(-) From no-reply at openstack.org Fri Jan 7 14:44:26 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 07 Jan 2022 14:44:26 -0000 Subject: [release-announce] python-keystoneclient 4.4.0 (yoga) Message-ID: We enthusiastically announce the release of: python-keystoneclient 4.4.0: Client Library for OpenStack Identity This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/python-keystoneclient Download the package from: https://pypi.org/project/python-keystoneclient Please report issues through: https://bugs.launchpad.net/python-keystoneclient/+bugs For more details, please see below. Changes in python-keystoneclient 4.3.0..4.4.0 --------------------------------------------- 56c7b50 Add access to /v3/auth/systems f6569e2 Fix doc error to unblock the gate 0c4e294 Drop lower-constrait job Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 1 - keystoneclient/v3/auth.py | 23 ++++++++++++++++++++ keystoneclient/v3/system.py | 26 +++++++++++++++++++++++ 5 files changed, 64 insertions(+), 1 deletion(-) From no-reply at openstack.org Fri Jan 7 14:45:53 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 07 Jan 2022 14:45:53 -0000 Subject: [release-announce] python-ironicclient 4.10.0 (yoga) Message-ID: We enthusiastically announce the release of: python-ironicclient 4.10.0: OpenStack Bare Metal Provisioning API Client Library This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/python-ironicclient Download the package from: https://pypi.org/project/python-ironicclient Please report issues through: https://storyboard.openstack.org/#!/project/openstack/python- ironicclient For more details, please see below. Changes in python-ironicclient 4.9.0..4.10.0 -------------------------------------------- 4549820 Improve description of "node boot mode set" 4ce3c4e Test python 3.6 for distributions compatibility 4712812 Made `baremetal --help` display command specific help. e76c43b Fix references to ironicclient classes and methods Diffstat (except docs and test files) ------------------------------------- ironicclient/osc/v1/baremetal_node.py | 2 +- ironicclient/shell.py | 3 ++- zuul.d/project.yaml | 10 ++++++++++ 4 files changed, 28 insertions(+), 21 deletions(-) From no-reply at openstack.org Fri Jan 7 14:47:04 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 07 Jan 2022 14:47:04 -0000 Subject: [release-announce] python-tackerclient 1.9.0 (yoga) Message-ID: We are pleased to announce the release of: python-tackerclient 1.9.0: CLI and Client Library for OpenStack Tacker This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/python-tackerclient Download the package from: https://pypi.org/project/python-tackerclient Please report issues through: https://bugs.launchpad.net/python-tackerclient/+bugs For more details, please see below. Changes in python-tackerclient 1.8.0..1.9.0 ------------------------------------------- b7f27c3 Update python testing classifier 6834454 Support of Cancel VNF command in openstackclient a3d485c Add Python3 yoga unit tests 861a575 Drop test for lower constraints 015e6e2 Update master for stable/xena b6aec20 setup.cfg: Replace dashes with underscores 4299140 Update master for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 3 +- lower-constraints.txt | 56 ------------------- releasenotes/source/index.rst | 2 + releasenotes/source/wallaby.rst | 6 ++ releasenotes/source/xena.rst | 6 ++ setup.cfg | 11 ++-- tackerclient/osc/v1/vnflcm/vnflcm_op_occs.py | 41 ++++++++++++++ tackerclient/v1_0/client.py | 8 +++ tox.ini | 8 +-- 10 files changed, 137 insertions(+), 69 deletions(-) From no-reply at openstack.org Fri Jan 7 14:49:19 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Fri, 07 Jan 2022 14:49:19 -0000 Subject: [release-announce] python-heatclient 2.5.0 (yoga) Message-ID: We are psyched to announce the release of: python-heatclient 2.5.0: OpenStack Orchestration API Client Library This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/python-heatclient Download the package from: https://pypi.org/project/python-heatclient Please report issues through: https://bugs.launchpad.net/python-heatclient/+bugs For more details, please see below. Changes in python-heatclient 2.4.0..2.5.0 ----------------------------------------- db9a71f Update python testing classifier 796a8f5 Replace deprecated import of ABCs from collections 4753a47 Fix test and lower constraints b457930 Add Python3 yoga unit tests 3415690 Update master for stable/xena Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- heatclient/common/template_utils.py | 6 +++--- lower-constraints.txt | 8 ++++---- releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 ++++++ setup.cfg | 1 + tox.ini | 2 +- 8 files changed, 18 insertions(+), 10 deletions(-) From no-reply at openstack.org Mon Jan 10 09:17:39 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 10 Jan 2022 09:17:39 -0000 Subject: [release-announce] validations-libs 1.5.0 Message-ID: We are delighted to announce the release of: validations-libs 1.5.0: A common library for the validations framework The source is available from: https://opendev.org/openstack/validations-libs Download the package from: https://tarballs.openstack.org/validations-libs/ For more details, please see below. Changes in validations-libs 1.4.0..1.5.0 ---------------------------------------- 17e6895 Add backward compatibility for python pathlib module 68adc1f Convert fstrings to .format to facilitate porting 1eee81d Mocking 'open' to improve test isolation ed33291 Disable spinner when running validation in non quiet mode 5ba9c42 Add the community validation paths 399d290 Refactor set_argument_parser to fix shell regression 53b5732 Enforce existing roles and playbooks checks 1bbf282 Add new CLI sub command to create community validations d61126b Use py3 as the default runtime for tox 7d416ac Default value of the constructor parameter Diffstat (except docs and test files) ------------------------------------- README.rst | 146 +++++++++++ setup.cfg | 1 + tox.ini | 2 +- validation.cfg | 4 + validations_libs/ansible.py | 25 +- validations_libs/cli/base.py | 32 +-- validations_libs/cli/community.py | 106 ++++++++ validations_libs/cli/history.py | 12 +- validations_libs/cli/lister.py | 8 +- validations_libs/cli/run.py | 6 +- validations_libs/cli/show.py | 26 +- validations_libs/community/__init__.py | 15 ++ validations_libs/community/init_validation.py | 220 ++++++++++++++++ validations_libs/constants.py | 88 +++++++ validations_libs/utils.py | 185 ++++++++++++- validations_libs/validation.py | 9 +- validations_libs/validation_actions.py | 78 ++++-- 28 files changed, 1770 insertions(+), 137 deletions(-) From no-reply at openstack.org Mon Jan 10 09:18:46 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 10 Jan 2022 09:18:46 -0000 Subject: [release-announce] validations-common 1.5.0 Message-ID: We enthusiastically announce the release of: validations-common 1.5.0: A common Ansible libraries and plugins for the validations framework The source is available from: https://opendev.org/openstack/validations-common Download the package from: https://tarballs.openstack.org/validations-common/ For more details, please see below. Changes in validations-common 1.4.0..1.5.0 ------------------------------------------ cf7ebdd Create clients component for CI Validations Jobs 2976535 Run all validations and fail after for CI role 464b70d CI task for execution of all packaged validations 7c20266 Validation Framework functional test expansion fc90fd5 Adding more validations in the tripleo component test ee89324 Elevating priviledges for the check_package_update 2574c2b Use py3 as the default runtime for tox Diffstat (except docs and test files) ------------------------------------- roles/fetch_validations/tasks/main.yaml | 2 +- roles/validations/defaults/main.yaml | 1 + .../validations/tasks/execute_full_catalogue.yaml | 15 +++ roles/validations/tasks/list.yaml | 34 +++++- .../validations/tasks/list_validation_history.yaml | 52 +++++++++ roles/validations/tasks/main.yaml | 64 +++++++++++- roles/validations/tasks/run.yaml | 94 ++++------------- roles/validations/tasks/run_extra_vars_file.yaml | 41 ++++++++ roles/validations/tasks/show.yaml | 6 -- roles/validations/tasks/show_results.yaml | 21 ++++ roles/validations/tasks/show_validation_info.yaml | 33 ++++++ roles/validations/vars/main.yaml | 116 +++++++++++++++++++++ tox.ini | 2 +- .../check_latest_packages_version/tasks/main.yml | 1 + 14 files changed, 398 insertions(+), 84 deletions(-) From no-reply at openstack.org Mon Jan 10 09:29:10 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 10 Jan 2022 09:29:10 -0000 Subject: [release-announce] neutron-lib 2.15.1 (xena) Message-ID: We are thrilled to announce the release of: neutron-lib 2.15.1: Neutron shared routines and utilities This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/neutron-lib Download the package from: https://pypi.org/project/neutron-lib Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. Changes in neutron-lib 2.15.0..2.15.1 ------------------------------------- 997be4d [stable-only] Fix allocation update for min bw rule with different direction 19cf80f Dropping lower constraints testing (stable Xena) 11d1cbf Update TOX_CONSTRAINTS_FILE for stable/xena 9a7bb4e Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .pylintrc | 1 + .zuul.yaml | 1 - lower-constraints.txt | 101 ------------------------ neutron_lib/placement/client.py | 13 +-- tox.ini | 16 ++-- 7 files changed, 31 insertions(+), 118 deletions(-) From no-reply at openstack.org Mon Jan 10 11:18:10 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 10 Jan 2022 11:18:10 -0000 Subject: [release-announce] puppet-ironic 16.5.0 (ussuri) Message-ID: We are glad to announce the release of: puppet-ironic 16.5.0: Puppet module for OpenStack Ironic This release is part of the ussuri stable release series. The source is available from: https://opendev.org/openstack/puppet-ironic Download the package from: https://tarballs.openstack.org/puppet-ironic/ Please report issues through: https://bugs.launchpad.net/puppet-ironic/+bugs For more details, please see below. 16.5.0 ^^^^^^ New Features ************ * It is now possible to disable sequential ip addressing in the ironic inspector dnsmasq service. The "ironic::inspector" class has the new parameter "dnsmasq_dhcp_sequential_ip" *(defaults to: true)*. Set it to "false" to disable sequential ip addressing. Bug Fixes ********* * Fixed an issue where dnsmasq DHCP configuration for ironic- inspector would point to the wrong UEFI iPXE bootfile. See bug: 1952652 (https://bugs.launchpad.net/puppet-ironic/+bug/1952652). Changes in puppet-ironic 16.4.0..16.5.0 --------------------------------------- 0e1cfd2 Re-prepare the final stable/ussuri release 0f3581d Fix name of iPXE efi bootrom 03e3968 inspector dnsmasq: make sequential-ip configurable Diffstat (except docs and test files) ------------------------------------- manifests/drivers/pxe.pp | 7 ++++--- manifests/inspector.pp | 21 +++++++++++++++++---- manifests/pxe.pp | 3 ++- manifests/pxe/common.pp | 13 +++++++++---- metadata.json | 2 +- ...sequential-ip-configurable-739924e5ee69a51d.yaml | 7 +++++++ ...sq-uefi-ipxe-boot-filename-83fefc1e48ea7f4f.yaml | 8 ++++++++ spec/classes/ironic_inspector_spec.rb | 15 +++++++++++++++ templates/inspector_dnsmasq_http.erb | 6 ++++-- templates/inspector_dnsmasq_tftp.erb | 2 ++ 10 files changed, 69 insertions(+), 15 deletions(-) From no-reply at openstack.org Mon Jan 10 11:22:40 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 10 Jan 2022 11:22:40 -0000 Subject: [release-announce] neutron 19.1.0 (xena) Message-ID: We are psyched to announce the release of: neutron 19.1.0: OpenStack Networking This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 19.1.0 ^^^^^^ Bug Fixes * The agent reporting state to the server now uses a RPC timeout set to the report_interval configuration option value. See 1948676 (https://bugs.launchpad.net/neutron/+bug/1948676). Changes in neutron 19.0.0..19.1.0 --------------------------------- e22463d768 Change tobiko CI job in the periodic queue ef1ec89fbc Recheck irrelevant files 8e31e5aa9c Add Chassis creation wait event in "TestAgentMonitor" 3e9dcaee50 Check subnet in "_remove_subnet_dhcp_options" fe9f9d46f5 Tweak port metadata test to be more reliable 0e4788648f Missing OvS DPDK nodes in ovn-controllers 6da4432fed [OVN] Accept OVS system-id as non UUID formatted string fd8fcaa45a Don't fail subnet validation if gw_ip is actually not changed c73fc94204 Do not announce any DNS resolver if "0.0.0.0" or "::" provided 05666791e1 Remove the expired reservations in a separate DB transaction 72b9bee2b0 ovn: update ACL actions on stateful field change cdf30d3e33 Bump OVN version for functional job to 21.06 2fcf48260a [OVS] Workaround when OpenFlow controller restarts dcb372b041 Avoid writing segments to the DB repeatedly 893e321b3e Do no use "--strict" for OF deletion in TRANSIENT_TABLE c8209eb1ee [OVN] Fix gateway_mtu option should not always be set d49797b1f4 [OVS][FW] Initialize ConjIdMap._max_id depending on the current OFs 3bc100140f Set report_interval to 0 for ovs agent unit tests 6b270bd6f8 [ovn] Add timeout option to ovsdb-client command 8c5fd8e656 Enhanced set of warnings if an answers file or a templates directory is used. 0082d93f17 Remove some scenario jobs from the check and gate queues dd89a0748c [OVN] Fix deadlock in neutron_ovn_db_sync_util.py 8cc9ead919 ovn: Filter ACL columns when syncing the DB e0a22fc6f7 [OVS][QOS] Dataplane enforcement is limited to min-bw egress direction f5858cd621 Check interface presence in new namespace 78bc1f6fec [OVN] Fix port disable security dead when run neutron-ovn-db-sync-util 084d210d10 [OVN] Execute OVN migration transactions independently 785ce06b3d Execute "migrate_neutron_database_to_ovn" inside the same DB ctx 1c17019f6c Cleanup router for which processing added router failed 7b2b695971 [DVR] Fix update of the MTU in the DVR HA routers c05d07bd8f Check a namespace existence by checking only its own directory 0a945f626f Don't setup bridge controller if it is already set 551d36362a Set RPC timeout in PluginReportStateAPI to report_interval d86a3cdfe7 Fix OVN migration workload creation order e91b0d07e3 [OVN Migration] Remove trunk's subports from the nodes 2c4ab468ae Delete log entries when SG or port is deleted a8a099f069 [OVN Migration] Remove qr and dhcp ports from the nodes 5c9c366376 [ovn] Stop monitoring the SB MAC_Binding table to reduce mem footprint 62cd864e38 [ovn] Add logs for ovs to ovn migration 987f0689ea [OVN] Tune OVN routers to reduce the mem footprint for ML2/OVN ffee915f11 Fix OVN driver validating Geneve max_header_size cb15948fa9 [OVN] Allow IP allocation with different segments for OVN service ports 45f070baa1 [OVN] Update the DHCP options when the metadata port is modified 8701c46225 Fix "_sync_metadata_ports" with no DHCP subnets 1f19093f04 [OVN] Set NB/SB "connection" inactivity probe d4ddc9954d [DVR] Check if SNAT iptables manager is initialized Diffstat (except docs and test files) ------------------------------------- .../contributor/testing/ci_scenario_jobs.rst | 2 - neutron/agent/common/ovs_lib.py | 19 +- neutron/agent/l3/agent.py | 32 +++- neutron/agent/l3/dvr_edge_ha_router.py | 20 ++ neutron/agent/l3/dvr_edge_router.py | 16 +- neutron/agent/l3/ha_router.py | 10 +- neutron/agent/linux/dhcp.py | 6 +- neutron/agent/linux/ip_lib.py | 15 +- .../agent/linux/openvswitch_firewall/firewall.py | 104 +++++++---- neutron/agent/ovn/metadata/agent.py | 16 +- neutron/agent/rpc.py | 4 +- neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 1 + neutron/common/ovn/acl.py | 18 +- neutron/common/ovn/utils.py | 42 +++++ neutron/common/utils.py | 7 + neutron/db/agents_db.py | 4 +- neutron/db/db_base_plugin_v2.py | 11 +- neutron/db/ipam_pluggable_backend.py | 3 +- neutron/db/quota/api.py | 6 +- neutron/db/quota/driver_nolock.py | 27 ++- neutron/objects/ports.py | 18 ++ neutron/objects/trunk.py | 12 ++ .../agent/extension_drivers/qos_driver.py | 6 +- .../agent/openflow/native/ovs_bridge.py | 10 +- neutron/plugins/ml2/drivers/ovn/db_migration.py | 106 +++++++---- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 63 ++++++- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 2 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 26 +++ .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 118 ++++++++---- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 12 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 2 +- neutron/privileged/agent/linux/utils.py | 10 +- neutron/services/logapi/common/db_api.py | 26 +-- neutron/services/logapi/common/sg_callback.py | 2 +- .../logapi/drivers/openvswitch/ovs_firewall_log.py | 2 +- neutron/services/logapi/logging_plugin.py | 22 ++- neutron/services/segments/db.py | 5 + .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 73 +++++--- .../drivers/ovn/mech_driver/test_mech_driver.py | 200 ++++++++++++++++++++ .../linux/openvswitch_firewall/test_firewall.py | 84 ++++++++- .../agent/openflow/native/ovs_bridge_test_base.py | 37 +++- .../openvswitch/agent/test_ovs_neutron_agent.py | 4 + .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 4 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 28 +++ .../drivers/ovn/mech_driver/test_mech_driver.py | 206 +++++++++++++++------ .../unit/services/logapi/common/test_db_api.py | 93 ++++++---- .../drivers/openvswitch/test_ovs_firewall_log.py | 8 + .../unit/services/logapi/test_logging_plugin.py | 22 --- ...imeout-to-report_interval-1265a70b0728e08c.yaml | 5 + .../tripleo_environment/ovn_migration.sh | 47 +++-- .../roles/migration/tasks/cleanup-dataplane.yml | 17 +- .../create/templates/create-resources.sh.j2 | 12 +- zuul.d/base.yaml | 15 +- zuul.d/grenade.yaml | 6 +- zuul.d/project.yaml | 12 +- zuul.d/rally.yaml | 4 +- zuul.d/tempest-multinode.yaml | 90 +-------- zuul.d/tempest-singlenode.yaml | 5 +- zuul.d/tripleo.yaml | 2 + 76 files changed, 1653 insertions(+), 578 deletions(-) From no-reply at openstack.org Thu Jan 13 11:57:01 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 13 Jan 2022 11:57:01 -0000 Subject: [release-announce] octavia 7.1.2 (victoria) Message-ID: We are amped to announce the release of: octavia 7.1.2: OpenStack Octavia Scalable Load Balancer as a Service This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/octavia Download the package from: https://pypi.org/project/octavia Please report issues through: https://storyboard.openstack.org/#!/project/908 For more details, please see below. 7.1.2 ^^^^^ Bug Fixes * Fixed an issue with batch member updates, that don't have any changes, not properly rolling back the update. * Disable conntrack for TCP flows in the Amphora, it reduces memory usage for HAProxy-based listeners and prevents some kernel warnings about dropped packets. * Fixed an issue that an amphorav2 LB cannot be reached after loadbalancer failover. The LB security group was not set in the amphora port. * Fixes an issue where provider drivers may not decrement the load balancer objects quota on delete. * Fixes loadbalancer creation failure when one of the listener port matches with the octavia generated peer ports and the allowed_cidr is explicitly set to 0.0.0.0/0 on the listener. This is due to creation of two security group rules with remote_ip_prefix as None and remote_ip_prefix as 0.0.0.0/0 which neutron rejects the second request with security group rule already exists. * Fix an issue with the rsyslog configuration file in the Amphora when the log offloading feature and the local log storage feature are both disabled. * Fix a serialization error when using host_routes in VIP subnets when persistence in the amphorav2 driver is enabled. * Some IPv6 UDP members were incorrectly marked in ERROR status, because of a formatting issue while generating the health message in the amphora. * Fixed MAX_TIMEOUT for timeout_client_data, timeout_member_connect, timeout_member_data, timeout_tcp_inspect API listener. The value was reduced from 365 days to 24 days, which now does not exceed the value of the data type in DB. * Fixed an issue with the "lo" interface in the "amphora-haproxy" network namespace. The "lo" interface was down and prevented haproxy to communicate with other haproxy processes (for persistent stick tables) on configuration change. It delayed old haproxy worker cleanup and increased the memory consumption usage after reloading the configuration. * Increase the limit value for nr_open and file-max in the amphora, the new value is based on what HAProxy 2.x is expecting from the system with the greatest maxconn value that Octavia can set. * Fix an issue with the provisioning status of a load balancer that was set to ERROR too early when an error occurred, making the load balancer mutable while the execution of the tasks for this resources haven't finished yet. * Fix an issue that could set the provisioning status of a load balancer to a PENDING_UPDATE state when an error occurred in the amphora failover flow. * Fix load balancers that use customized host_routes in the VIP or the member subnets in amphorav2. * Fix weighted round-robin for UDP listeners with keepalived and lvs. The algorithm must be specified as 'wrr' in order for weighted round-robin to work correctly, but was being set to 'rr'. * Fixed the healthcheck endpoint always querying the backends by caching results for a configurable time. The default is five seconds. Changes in octavia 7.1.1..7.1.2 ------------------------------- de20868a Fix LB set in ERROR too early in MapLoadbalancerToAmphora 17f2c674 Fix LB set in ERROR too early in the revert flow e3026d35 Fix failover of az-specific loadbalancers 4703bebd Fix management network selection when calculating deltas 061ca287 Fix using host_routes in VIP subnet with amphorav2 c0ad3b34 Disable conntrack for TCP flows in the amphora f7dde919 Fix duplicate SG creation for listener peer port b94493eb Fix MAX_TIMEOUT value for listener 80ff90e3 Fix periodic image builder jobs bf012c2c Fix PlugVIPAmphora revert function in amphorav2 c177987f Update nr_open limit value in the amphora 18413fab Add caps for pip-extra-reqs/pip-missing-reqs 739be788 Fix race conditions between API and worker DB calls 74c0ff2a Enable lo interface in the amphora-haproxy netns ee7b2621 Add amphora_id in store params for failover_amphora d69d0666 Fix comment for the ca_certificates_file opt 37b15da4 Optimize CountPoolChildrenForQuota task in amphorav2 bbb203a2 Fix task_flow.max_workers with persistence in amphorav2 2195a45a Fix rsyslog configuration when disabling logs 93ec146a Fix jobboard_enabled setting in devstack 5d49484e Fix devstack cleanup when using amphorav2 a139d2f9 Fix using subnets with host_routes in amphorav2 driver 582b4bab Make /healthcheck cache results 7ab43edc Cap hacking 1cb53e14 Fix empty Batch Member Update to unlock objects c7640b90 Fix weighted round-robin about UDP listener e3b68219 Fix LB failover for amphorav2: set security group 8b210bb5 Fix incorrect ERROR status with IPv6 UDP members 0a8254e0 Fix provider driver quota handling Diffstat (except docs and test files) ------------------------------------- devstack/plugin.sh | 12 +- .../static/usr/local/bin/udp-masquerade.sh | 27 +++++ .../post-install.d/20-haproxy-tune-kernel | 4 +- etc/octavia.conf | 19 ++- .../amphorae/backends/agent/api_server/osutils.py | 2 +- .../api_server/templates/amphora-netns.systemd.j2 | 4 + .../agent/api_server/templates/systemd.conf.j2 | 2 +- .../amphorae/backends/utils/keepalivedlvs_query.py | 13 ++- octavia/api/drivers/amphora_driver/v1/driver.py | 11 +- octavia/api/drivers/amphora_driver/v2/driver.py | 11 +- octavia/api/drivers/driver_agent/driver_updater.py | 43 ++++++- octavia/api/healthcheck/healthcheck_plugins.py | 23 +++- octavia/api/v2/controllers/member.py | 6 + octavia/common/base_taskflow.py | 5 +- octavia/common/config.py | 6 +- octavia/common/constants.py | 4 +- .../logging/templates/10-rsyslog.conf.template | 5 + octavia/common/jinja/lvs/jinja_cfg.py | 2 +- .../worker/v1/tasks/amphora_driver_tasks.py | 8 -- .../controller/worker/v1/tasks/database_tasks.py | 51 +------- .../controller/worker/v1/tasks/network_tasks.py | 8 +- octavia/controller/worker/v2/controller_worker.py | 60 ++++++++-- .../controller/worker/v2/flows/amphora_flows.py | 4 + .../worker/v2/tasks/amphora_driver_tasks.py | 38 +++--- .../controller/worker/v2/tasks/database_tasks.py | 96 ++------------- .../controller/worker/v2/tasks/network_tasks.py | 13 ++- octavia/db/repositories.py | 10 ++ .../drivers/neutron/allowed_address_pairs.py | 17 ++- .../backend/agent/api_server/test_keepalivedlvs.py | 2 +- .../backends/utils/test_keepalivedlvs_query.py | 29 ++++- .../amphora_driver/v1/test_amphora_driver.py | 11 +- .../amphora_driver/v2/test_amphora_driver.py | 11 +- .../drivers/driver_agent/test_driver_updater.py | 66 ++++++++++- .../common/jinja/logging/test_logging_jinja_cfg.py | 38 +++--- .../unit/common/jinja/lvs/test_lvs_jinja_cfg.py | 16 +-- .../sample_configs/sample_configs_combined.py | 4 +- .../common/sample_configs/sample_configs_split.py | 2 +- .../worker/v1/tasks/test_amphora_driver_tasks.py | 37 +----- .../worker/v1/tasks/test_database_tasks.py | 110 ++--------------- .../worker/v1/tasks/test_network_tasks.py | 5 +- .../worker/v2/flows/test_amphora_flows.py | 6 +- .../worker/v2/tasks/test_amphora_driver_tasks.py | 130 +++++++++++++++------ .../worker/v2/tasks/test_database_tasks.py | 125 ++------------------ .../worker/v2/tasks/test_database_tasks_quota.py | 36 +----- .../worker/v2/tasks/test_network_tasks.py | 23 +++- .../controller/worker/v2/test_controller_worker.py | 24 ++-- .../drivers/neutron/test_allowed_address_pairs.py | 30 +++++ playbooks/image-build/run.yaml | 25 +++- ...batch-member-update-issue-09b76787553e7752.yaml | 5 + ...disable-conntrack-for-tcp-01ef6948d99353c2.yaml | 6 + ...phorav2-failover-secgroup-c793de5e00b32653.yaml | 5 + ...ver-agent-decrement-quota-27486d9fa0bdeb89.yaml | 5 + ...fix-duplicate-sg-creation-0c502a5d2d8c276d.yaml | 9 ++ ...x-error-in-rsyslog-config-a316a7856e1a847a.yaml | 5 + ...amphorav2-and-persistence-54b99d651a4ee9c4.yaml | 5 + ...x-ipv6-udp-health-message-ed94b35bbea396ec.yaml | 5 + .../fix-listener-MAX_TIMEOUT-4c4fdf804a96c34b.yaml | 7 ++ ...o-interface-amphora-netns-90fb9934026e1485.yaml | 8 ++ .../fix-nr_open-limit-value-7f475c3e301a608d.yaml | 6 + ...isioning-status-on-errors-7f3736ef6e94d453.yaml | 9 ++ ...net-host_routes-amphorav2-3c079c5a3bfa1b3d.yaml | 5 + .../fix-udp-listener-wrr-50de9dc0774a8ea1.yaml | 6 + .../notes/healthcheck-cache-641f0a64e6f5856c.yaml | 5 + test-requirements.txt | 2 +- tox.ini | 18 ++- 71 files changed, 837 insertions(+), 614 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 0a6a27f2..855843c7 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4 +4 @@ -hacking>=3.0 # Apache-2.0 +hacking>=3.0,<4.1.0 # Apache-2.0 From no-reply at openstack.org Thu Jan 13 12:03:46 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 13 Jan 2022 12:03:46 -0000 Subject: [release-announce] neutron 17.3.0 (victoria) Message-ID: We are excited to announce the release of: neutron 17.3.0: OpenStack Networking This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 17.3.0 ^^^^^^ Bug Fixes * Changes the API behaviour while using OVN driver to enforce that it's not possible to delete all the IPs from a router port. For more info see bug LP#1948457 (https://bugs.launchpad.net/neutron/+bug/1948457) * The agent reporting state to the server now uses a RPC timeout set to the report_interval configuration option value. See 1948676 (https://bugs.launchpad.net/neutron/+bug/1948676). Changes in neutron 17.2.1..17.3.0 --------------------------------- f7f083c9da [OVN] Prevent deleting the only IP of a router port cbf3fe098b [OVN] Fix RowNotFound exception while waiting for metadata networks cff314f92e [stable only][ovn]Update get datapath id to network from Port_Binding c986caa299 [OVN] Update check_for_mcast_flood_reports() to check for mcast_flood 993597d998 Reduce log level in "ensure_device_is_ready" 79cdace512 Check subnet in "_remove_subnet_dhcp_options" f830dd3f33 Allocate IPs in bulk requests in separate transactions 533ca2c99c [Functional] Fix expected number of the enqueue_state_change calls 7ace1234cb Fix ObjectChangeHandler thread usage 90156cef69 [Stable only] Fix callback function arguments f6d594a4ae Missing OvS DPDK nodes in ovn-controllers 4bf531448e [OVN] Accept OVS system-id as non UUID formatted string 83bfef7e70 Don't fail subnet validation if gw_ip is actually not changed 8c9c14b6b1 Implement "IPAllocation" router ports allocated retrieval 625fa3a5b2 Do not announce any DNS resolver if "0.0.0.0" or "::" provided 82e2a3d362 bw-limit: Pass int parameters to Open vSwitch c68ce94f01 [stable-only] "_clean_logs_by_target_id" to use old notifications f35a0a06e5 [OVS] Workaround when OpenFlow controller restarts ed7bfa11de Avoid writing segments to the DB repeatedly e1791dee93 Do no use "--strict" for OF deletion in TRANSIENT_TABLE c95292c075 [OVN] Fix gateway_mtu option should not always be set e7d4b41cf3 [OVS][FW] Initialize ConjIdMap._max_id depending on the current OFs 8439348add Set report_interval to 0 for ovs agent unit tests 37333d3788 [ovn] Add timeout option to ovsdb-client command e97d508caf Enhanced set of warnings if an answers file or a templates directory is used. 31af5c689b ovn: Filter ACL columns when syncing the DB a7e215d258 [OVS][QOS] Dataplane enforcement is limited to min-bw egress direction 2a0f9933a1 Wait until workers have been launched 0d09c9b7c6 Check interface presence in new namespace cb083bdbcf [OVN] Fix port disable security dead when run neutron-ovn-db-sync-util 7ae03f1eb6 Cleanup router for which processing added router failed ee62d5b01a Set RPC timeout in PluginReportStateAPI to report_interval 40f2ec340c [DVR] Fix update of the MTU in the DVR HA routers 6a9c05a924 Check a namespace existence by checking only its own directory 18c1795e88 Don't setup bridge controller if it is already set 5f5f2e073a Fix OVN migration workload creation order 3ac4461552 [ovn] Stop monitoring the SB MAC_Binding table to reduce mem footprint 4adf408658 [OVN Migration] Remove trunk's subports from the nodes 7790cecfc8 Delete log entries when SG or port is deleted fa102252a5 [OVN Migration] Remove qr and dhcp ports from the nodes 34c3ec244e [OVN] Tune OVN routers to reduce the mem footprint for ML2/OVN 763a65d963 [DVR] Fix update of the MTU in the SNAT namespace 3e4f18e4df [ovn] Add logs for ovs to ovn migration 018dd8c167 [OVN] Allow IP allocation with different segments for OVN service ports f4dd0b80ac [OVN] Update the DHCP options when the metadata port is modified 41da1a1eb9 [DVR] Check if SNAT iptables manager is initialized 0a43eed0fa [OVN] Set NB/SB "connection" inactivity probe 992496c8b5 Fix "_sync_metadata_ports" with no DHCP subnets 4300619ad1 [DVR] Set arp entries only for single IPs given as allowed addr pair c0147aa0b9 Replace cirros 0.4.0 by 0.5.2 in ovn migration create-resources.sh.j2 144f3aa60f Remove dhcp_extra_opt name after first newline character 9d6aaff9a1 Delete SG log entries when SG is deleted db2c8fd978 [ovn] metadata functional tests don't support Chassis_Private b4ad1a2775 Populate self.floating_ips_dict using "ip rule" information 5049a8faf1 Revert "[L3][HA] Retry when setting HA router GW status." be6872be5a Fix neutron_pg_drop-related startup issues c869283361 [Functional] Wait for the initial state of ha router before test e07b66e710 VLAN "allocate_partially_specified_segment" can return any physnet ab56a5cd65 Randomize segmentation ID assignation 94a702791c Make test_throttler happy 33d489cb78 Ensure net dict has provider info on precommit delete 78e200268f Skip FIP check if VALIDATE_MIGRATION is not True 79529fde18 Skip DVR binding for ports with invalid OFPORT 05d0bc6d50 [L3] Use processing queue for network update events Diffstat (except docs and test files) ------------------------------------- neutron/agent/common/ovs_lib.py | 29 +++- neutron/agent/l3/agent.py | 182 +++++++++++-------- neutron/agent/l3/dvr_edge_ha_router.py | 20 +++ neutron/agent/l3/dvr_edge_router.py | 23 ++- neutron/agent/l3/dvr_local_router.py | 96 +++++++--- neutron/agent/l3/fip_rule_priority_allocator.py | 3 + neutron/agent/l3/ha_router.py | 22 +-- neutron/agent/l3/router_info.py | 13 +- neutron/agent/linux/dhcp.py | 7 +- neutron/agent/linux/interface.py | 12 +- neutron/agent/linux/ip_lib.py | 19 +- .../agent/linux/openvswitch_firewall/firewall.py | 104 ++++++----- neutron/agent/ovn/metadata/agent.py | 20 ++- neutron/agent/rpc.py | 4 +- neutron/common/ovn/utils.py | 42 +++++ neutron/common/utils.py | 24 +++ neutron/db/agents_db.py | 4 +- neutron/db/db_base_plugin_v2.py | 22 +-- neutron/db/ipam_pluggable_backend.py | 53 ++++-- neutron/objects/plugins/ml2/base.py | 10 +- neutron/objects/ports.py | 15 ++ neutron/plugins/ml2/drivers/helpers.py | 12 +- .../agent/extension_drivers/qos_driver.py | 6 +- .../agent/openflow/native/ovs_bridge.py | 10 +- .../openvswitch/agent/ovs_dvr_neutron_agent.py | 7 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 50 +++++- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 27 ++- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 39 ++++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 120 +++++++++---- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 12 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 10 +- neutron/plugins/ml2/ovo_rpc.py | 102 +++++++---- neutron/plugins/ml2/plugin.py | 79 ++++++--- neutron/privileged/agent/linux/utils.py | 10 +- neutron/services/logapi/common/db_api.py | 34 ++-- neutron/services/logapi/common/sg_callback.py | 3 +- .../logapi/drivers/openvswitch/ovs_firewall_log.py | 2 +- neutron/services/logapi/logging_plugin.py | 26 +++ neutron/services/ovn_l3/plugin.py | 25 ++- neutron/services/segments/db.py | 5 + .../functional/agent/l3/test_legacy_router.py | 36 +++- .../agent/ovn/metadata/test_metadata_agent.py | 27 ++- .../functional/objects/plugins/ml2/__init__.py | 0 .../functional/objects/plugins/ml2/test_base.py | 90 ++++++++++ .../objects/plugins/ml2/test_geneveallocation.py | 26 +++ .../objects/plugins/ml2/test_greallocation.py | 26 +++ .../objects/plugins/ml2/test_vlanallocation.py | 26 +++ .../objects/plugins/ml2/test_vxlanallocation.py | 26 +++ .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 4 +- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 68 +++++--- .../drivers/ovn/mech_driver/test_mech_driver.py | 143 +++++++++++++++ .../linux/openvswitch_firewall/test_firewall.py | 84 +++++++-- .../agent/openflow/native/ovs_bridge_test_base.py | 33 +++- .../openvswitch/agent/test_ovs_neutron_agent.py | 4 + .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 52 +++++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 53 +++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 193 +++++++++++++++------ .../unit/plugins/ml2/drivers/test_type_vlan.py | 14 +- .../unit/services/logapi/common/test_db_api.py | 93 ++++++---- .../drivers/openvswitch/test_ovs_firewall_log.py | 8 + .../notes/bug-817525-eef68687dafa97fd.yaml | 6 + ...imeout-to-report_interval-1265a70b0728e08c.yaml | 5 + .../templates/create-resources.sh.j2 | 6 +- .../tripleo_environment/ovn_migration.sh | 48 +++-- .../roles/migration/tasks/cleanup-dataplane.yml | 17 +- .../create/templates/create-resources.sh.j2 | 18 +- 91 files changed, 2533 insertions(+), 711 deletions(-) From no-reply at openstack.org Thu Jan 13 12:14:06 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 13 Jan 2022 12:14:06 -0000 Subject: [release-announce] neutron 18.2.0 (wallaby) Message-ID: We are satisfied to announce the release of: neutron 18.2.0: OpenStack Networking This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 18.2.0 ^^^^^^ Bug Fixes * Changes the API behaviour while using OVN driver to enforce that it's not possible to delete all the IPs from a router port. For more info see bug LP#1948457 (https://bugs.launchpad.net/neutron/+bug/1948457) * The agent reporting state to the server now uses a RPC timeout set to the report_interval configuration option value. See 1948676 (https://bugs.launchpad.net/neutron/+bug/1948676). Changes in neutron 18.1.1..18.2.0 --------------------------------- 0793a9ee6d Change tobiko CI job in the periodic queue 30e4bfbeaf [OVN] Update check_for_mcast_flood_reports() to check for mcast_flood 34b4a8d5c8 [OVN] Prevent deleting the only IP of a router port 6a9e52a80c Add Chassis creation wait event in "TestAgentMonitor" 1aba78896b Check subnet in "_remove_subnet_dhcp_options" 5e30cb5e24 Allocate IPs in bulk requests in separate transactions 39b138ca26 [Functional] Fix expected number of the enqueue_state_change calls 45aaeb82c8 Tweak port metadata test to be more reliable bf87e8e231 Fix ObjectChangeHandler thread usage adbcc77a3f [Stable only] Fix callback function arguments 21bdd4d597 Missing OvS DPDK nodes in ovn-controllers b07eeb2789 [OVN] Accept OVS system-id as non UUID formatted string 7ab37e92b8 Don't fail subnet validation if gw_ip is actually not changed 173fa98f9e Do not announce any DNS resolver if "0.0.0.0" or "::" provided aaa0e99bac [stable-only] "_clean_logs_by_target_id" to use old notifications cc0d42e0df [OVS] Workaround when OpenFlow controller restarts 0c909e3b55 Avoid writing segments to the DB repeatedly 38551777e0 bw-limit: Pass int parameters to Open vSwitch 0db5334ccf Do no use "--strict" for OF deletion in TRANSIENT_TABLE ee0aeb1f63 [OVN] Fix gateway_mtu option should not always be set 4baa225e75 [OVS][FW] Initialize ConjIdMap._max_id depending on the current OFs 3762c46d8a Set report_interval to 0 for ovs agent unit tests 15259ee427 [OVN] External network ports (SR-IOV) QoS is handled by SR-IOV agent f37e0be349 [ovn] Add timeout option to ovsdb-client command 10cb197c10 Enhanced set of warnings if an answers file or a templates directory is used. f89df138b5 ovn: Filter ACL columns when syncing the DB a91f5784d7 [OVS][QOS] Dataplane enforcement is limited to min-bw egress direction f09e8546a2 Wait until workers have been launched 9c41365041 Check interface presence in new namespace 32cc39663a [OVN] Fix port disable security dead when run neutron-ovn-db-sync-util 8c663c5a2a [OVN] Execute OVN migration transactions independently 98e98f995c Execute "migrate_neutron_database_to_ovn" inside the same DB ctx 7486374ba3 Cleanup router for which processing added router failed 7f9a3f3293 Set RPC timeout in PluginReportStateAPI to report_interval 3ad894e032 [DVR] Fix update of the MTU in the DVR HA routers f95f2ed42a Check a namespace existence by checking only its own directory b1eccf5a2d Don't setup bridge controller if it is already set fbf8cb9347 Fix OVN migration workload creation order 53ca3851bf [OVN Migration] Remove trunk's subports from the nodes dbde4d9979 Move dns-integration extension to the ML2_SUPPORTED_API_EXTENSIONS list d5fd9f035a Delete log entries when SG or port is deleted 9a3f0b3760 [OVN Migration] Remove qr and dhcp ports from the nodes 1a9db2168a [ovn] Stop monitoring the SB MAC_Binding table to reduce mem footprint 13c0287ac7 [OVN] Change ControllerAgent type dinamically df4330338f [OVN] "ControllerAgent" should accept Chassis and Chassis_Private 9365bbd19f [OVN] Tune OVN routers to reduce the mem footprint for ML2/OVN 67c9a305df [DVR] Fix update of the MTU in the SNAT namespace 4776be7cd1 [ovn] Add logs for ovs to ovn migration f5ea47b095 [stable only][ovn]Update get datapath id to network from Port_Binding 39164c0370 [OVN] Allow IP allocation with different segments for OVN service ports 7efce62b4f [OVN] Update the DHCP options when the metadata port is modified fe9e596d3e Fix "_sync_metadata_ports" with no DHCP subnets f8aefd600b [OVN] Set NB/SB "connection" inactivity probe b9143c37e0 [DVR] Check if SNAT iptables manager is initialized 5418912b70 [DVR] Set arp entries only for single IPs given as allowed addr pair d2b28dee76 Replace cirros 0.4.0 by 0.5.2 in ovn migration create-resources.sh.j2 9651116667 [Docs] Ovn backend now supports FIP QoS bandwdith limiting 073c5f87e5 Remove dhcp_extra_opt name after first newline character e9539d63a9 Delete SG log entries when SG is deleted da74b253ad [ovn] metadata functional tests don't support Chassis_Private f2f7602de7 Populate self.floating_ips_dict using "ip rule" information b3a70fe753 Revert "[L3][HA] Retry when setting HA router GW status." 651fce3fba Fix neutron_pg_drop-related startup issues 39a2e5e4f2 [Functional] Wait for the initial state of ha router before test c823bc3294 VLAN "allocate_partially_specified_segment" can return any physnet a981849c81 Ensure net dict has provider info on precommit delete c26296d802 Skip FIP check if VALIDATE_MIGRATION is not True 8d522fe361 Add port status to information dictionary in agent RPC 604b055c71 [L3] Use processing queue for network update events Diffstat (except docs and test files) ------------------------------------- neutron/agent/common/ovs_lib.py | 29 ++- neutron/agent/l3/agent.py | 182 +++++++++++------- neutron/agent/l3/dvr_edge_ha_router.py | 20 ++ neutron/agent/l3/dvr_edge_router.py | 23 ++- neutron/agent/l3/dvr_local_router.py | 96 +++++++--- neutron/agent/l3/fip_rule_priority_allocator.py | 3 + neutron/agent/l3/ha_router.py | 22 ++- neutron/agent/l3/router_info.py | 13 +- neutron/agent/linux/dhcp.py | 7 +- neutron/agent/linux/interface.py | 12 +- neutron/agent/linux/ip_lib.py | 15 +- .../agent/linux/openvswitch_firewall/firewall.py | 104 +++++++---- neutron/agent/ovn/metadata/agent.py | 16 +- neutron/agent/rpc.py | 5 +- neutron/common/ovn/extensions.py | 1 + neutron/common/ovn/utils.py | 75 ++++++++ neutron/common/utils.py | 7 + neutron/db/agents_db.py | 4 +- neutron/db/db_base_plugin_v2.py | 11 +- neutron/db/ipam_pluggable_backend.py | 53 ++++-- neutron/objects/ports.py | 18 ++ neutron/objects/trunk.py | 12 ++ .../agent/extension_drivers/qos_driver.py | 6 +- .../agent/openflow/native/ovs_bridge.py | 10 +- .../plugins/ml2/drivers/ovn/agent/neutron_agent.py | 28 ++- neutron/plugins/ml2/drivers/ovn/db_migration.py | 106 +++++++---- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 55 +++++- .../ovn/mech_driver/ovsdb/extensions/qos.py | 13 +- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 7 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 39 +++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 131 +++++++++---- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 12 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 29 ++- neutron/plugins/ml2/ovo_rpc.py | 102 ++++++---- neutron/plugins/ml2/plugin.py | 79 +++++--- neutron/privileged/agent/linux/utils.py | 10 +- neutron/services/logapi/common/db_api.py | 34 ++-- neutron/services/logapi/common/sg_callback.py | 3 +- .../logapi/drivers/openvswitch/ovs_firewall_log.py | 2 +- neutron/services/logapi/logging_plugin.py | 26 +++ neutron/services/ovn_l3/plugin.py | 35 ++-- neutron/services/segments/db.py | 5 + .../functional/agent/l3/test_legacy_router.py | 36 +++- .../agent/ovn/metadata/test_metadata_agent.py | 27 ++- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 4 +- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 86 +++++++-- .../drivers/ovn/mech_driver/test_mech_driver.py | 145 +++++++++++++++ .../linux/openvswitch_firewall/test_firewall.py | 84 ++++++++- .../agent/openflow/native/ovs_bridge_test_base.py | 37 +++- .../openvswitch/agent/test_ovs_neutron_agent.py | 4 + .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 41 +++- .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 4 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 53 +++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 206 +++++++++++++++------ .../unit/plugins/ml2/drivers/test_type_vlan.py | 15 +- .../unit/services/logapi/common/test_db_api.py | 93 ++++++---- .../drivers/openvswitch/test_ovs_firewall_log.py | 8 + .../notes/bug-817525-eef68687dafa97fd.yaml | 6 + ...imeout-to-report_interval-1265a70b0728e08c.yaml | 5 + .../templates/create-resources.sh.j2 | 6 +- .../tripleo_environment/ovn_migration.sh | 48 +++-- .../roles/migration/tasks/cleanup-dataplane.yml | 17 +- .../create/templates/create-resources.sh.j2 | 18 +- zuul.d/project.yaml | 2 +- 87 files changed, 2469 insertions(+), 759 deletions(-) From no-reply at openstack.org Mon Jan 17 14:31:53 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 17 Jan 2022 14:31:53 -0000 Subject: [release-announce] oslo.policy 3.7.1 (wallaby) Message-ID: We jubilantly announce the release of: oslo.policy 3.7.1: Oslo Policy library This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/oslo.policy Download the package from: https://pypi.org/project/oslo.policy Please report issues through: https://bugs.launchpad.net/oslo.policy/+bugs For more details, please see below. 3.7.1 ^^^^^ Bug Fixes * Fixes the mapping of 'system_scope' to 'system' when enforce is called with a 'creds' dictionary instead of a RequestContext. Changes in oslo.policy 3.7.0..3.7.1 ----------------------------------- 639b471 Map system_scope in creds dictionary 4fe282b Update TOX_CONSTRAINTS_FILE for stable/wallaby 9784aa5 Update .gitreview for stable/wallaby 90b2d24 Move flake8 as a pre-commit local target. Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .pre-commit-config.yaml | 12 ++++++--- oslo_policy/policy.py | 22 +++++++-------- ...stem-scope-for-creds-dict-e4cbec2f7495f22e.yaml | 5 ++++ tox.ini | 2 +- 6 files changed, 40 insertions(+), 33 deletions(-) From no-reply at openstack.org Mon Jan 17 14:36:50 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 17 Jan 2022 14:36:50 -0000 Subject: [release-announce] debtcollector 2.4.0 Message-ID: We jubilantly announce the release of: debtcollector 2.4.0: A collection of Python deprecation patterns and strategies that help you collect your technical debt in a non- destructive manner. The source is available from: https://opendev.org/openstack/debtcollector Download the package from: https://pypi.org/project/debtcollector For more details, please see below. Changes in debtcollector 2.3.0..2.4.0 ------------------------------------- 2d4025b Remove unnecessary 'coding' lines d0b61a6 Remove six aa426ab Restore reproducibility in docs Diffstat (except docs and test files) ------------------------------------- debtcollector/__init__.py | 2 -- debtcollector/_utils.py | 19 ++++--------------- debtcollector/fixtures/disable.py | 2 -- debtcollector/moves.py | 8 +++----- debtcollector/removals.py | 5 ++--- debtcollector/renames.py | 2 -- debtcollector/updating.py | 2 -- releasenotes/source/conf.py | 1 - requirements.txt | 1 - 11 files changed, 10 insertions(+), 38 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index ae353a3..8e9f61c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7 +6,0 @@ importlib_metadata>=1.7.0;python_version<'3.8' # Apache-2.0 -six>=1.10.0 # MIT From no-reply at openstack.org Mon Jan 17 14:39:28 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 17 Jan 2022 14:39:28 -0000 Subject: [release-announce] magnum 12.1.0 (wallaby) Message-ID: We are pleased to announce the release of: magnum 12.1.0: Container Management project for OpenStack This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/magnum Download the package from: https://tarballs.openstack.org/magnum/ Please report issues through: https://bugs.launchpad.net/magnum/+bugs For more details, please see below. 12.1.0 ^^^^^^ New Features * Support *hyperkube_prefix* label which defaults to k8s.gcr.io/. Users now have the option to define alternative hyperkube image source since the default source has discontinued publication of hyperkube images for *kube_tag* greater than 1.18.x. Note that if *container_infra_prefix* label is define, it still takes precedence over this label. Changes in magnum 12.0.0..12.1.0 -------------------------------- e750a526 Refix --registry-enabled 1241eb58 Update TOX_CONSTRAINTS_FILE for stable/wallaby 9640d81f Update .gitreview for stable/wallaby 31b0aec5 [fix] Detect virtio-scsi volumes correctly 5dfe6e0e Download correct cri-containerd-cni tarball c2a1dea1 Add cloud-provider flag to openstack cloud control manager 231a382a Revert "[K8S] Enable --use-service-account-credentials" e3f22995 [hca] Use wallaby-stable-1 as default HCA tag 1ef305f4 Support hyperkube_prefix label Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .../fragments/configure-docker-registry.sh | 2 +- .../fragments/configure-docker-storage.sh | 2 +- .../templates/fragments/enable-docker-registry.sh | 14 ++++----- .../kubernetes/fragments/configure-etcd.sh | 2 +- .../fragments/configure-kubernetes-master.sh | 12 ++++---- .../fragments/configure-kubernetes-minion.sh | 4 +-- .../kubernetes/fragments/enable-services-master.sh | 2 +- .../kubernetes/fragments/install-clients.sh | 2 +- .../templates/kubernetes/fragments/install-cri.sh | 2 +- .../fragments/kube-apiserver-to-kubelet-role.sh | 7 +++++ .../kubernetes/fragments/upgrade-kubernetes.sh | 6 ++-- .../fragments/write-heat-params-master.sh | 1 + .../kubernetes/fragments/write-heat-params.sh | 3 ++ magnum/drivers/heat/k8s_fedora_template_def.py | 1 + .../templates/kubecluster.yaml | 15 +++++++--- .../k8s_fedora_atomic_v1/templates/kubemaster.yaml | 5 ++++ .../k8s_fedora_atomic_v1/templates/kubeminion.yaml | 7 +++++ .../templates/kubecluster.yaml | 23 +++++++++------ .../k8s_fedora_coreos_v1/templates/kubemaster.yaml | 5 ++++ .../k8s_fedora_coreos_v1/templates/kubeminion.yaml | 7 +++++ playbooks/container-builder-vars.yaml | 3 +- playbooks/container-builder.yaml | 33 +++++++++++++--------- .../notes/hyperkube-prefix-01b9a5f4664edc90.yaml | 8 ++++++ tox.ini | 2 +- 27 files changed, 140 insertions(+), 57 deletions(-) From no-reply at openstack.org Tue Jan 18 10:05:42 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 18 Jan 2022 10:05:42 -0000 Subject: [release-announce] tripleo-common 16.3.0 Message-ID: We are psyched to announce the release of: tripleo-common 16.3.0: A common library for TripleO workflows. The source is available from: https://opendev.org/openstack/tripleo-common Download the package from: https://tarballs.openstack.org/tripleo-common/ For more details, please see below. Changes in tripleo-common 16.2.0..16.3.0 ---------------------------------------- c09ef2c9 Add ceph_spec library to tripleo-common 6688b562 Don't enable module stream in rhel9 534f7f75 Remove /etc/yum.repos.d/ubi.repo 6e034802 Remove redhat-release only if installed 6de1ac30 remove remove-machine-id element e939a0e4 Remove additional patching to use gitpython with eventlet f442bcad Use Python3 yoga unit tests 7a7a2a13 Remove workaround for tempest sudoers fbf7abfd Bump Ceph container daemons to v6.0.6 b80b98ff Add tempest to sudoers for tempest container image f256ac8e Remove unused tripleo_common.utils.keystone 8a7f0932 Remove unused tripleo_common.utils.time_functions 6a34b529 Stop creating manifest .htaccess 98aa48e8 Install curl for EL8 only 01bfb2b4 Add collectd plugins and related packages 93b44b67 Tidy up config image declarations 62713d73 Removing erlang-hipe 6a4c8836 task-core file generation 0fbb8e4f Remove memcachec from containers 02c44076 Running ansible-config before writing default config 4fb684e6 Disable ubi repos during container builds cc2a6457 Deactivate LV's before disconnecting nbd device 9fb5649f Add an API config image heat variable 5439651d Add designate dashboard to the horizon container f8eeb0dd Fix namespace-less containers in image-serve 2b4dd668 [EL8] Add nodejs:14 module stream 9c479d28 [CS9] Rework dnf modules 96a715e6 Trivial: fix conditional whitespace f9377d06 Fix permissions for deployments 25f97d8e Delete overcloud-hardened-full image definitions 78f5d7b6 Add ipa client to tripleoclient container 170bb80a Include qdrouterd packages on EL9 6579b685 Fix the help output for tripleo-mount-image 031ba553 [EL9] Switch to mariadb:10.5 module f558eaa7 Update tcib for CentOS Stream 9 cd5c9544 add kernel-modules-extra in overcloud image needed for HWOL d86b0635 Remove six library b6df8024 [c9] replacing genisoimage with xorriso 23b8327e Remove unused constants for Mistral workflows/actions 6d004924 Remove unused DEFAULT_DEPLOY_*_NAME 20a20ef9 Remove unused TRIPLEO_NETWORK_CONFIG_RESOURCE 95bddb34 Remove unused DEPLOYMENT_STATUS_FILE Diffstat (except docs and test files) ------------------------------------- .../container_image_prepare_defaults.yaml | 2 +- container-images/tcib/base/base.yaml | 50 +++- container-images/tcib/base/collectd/collectd.yaml | 11 +- container-images/tcib/base/mariadb/mariadb.yaml | 2 +- container-images/tcib/base/os/horizon/horizon.yaml | 3 +- .../ironic-conductor/ironic-conductor.yaml | 2 +- .../tcib/base/os/keystone/keystone.yaml | 5 +- .../nova-compute-ironic/nova-compute-ironic.yaml | 2 +- .../os/nova-base/nova-compute/nova-compute.yaml | 6 +- .../os/nova-base/nova-libvirt/nova-libvirt.yaml | 4 +- container-images/tcib/base/os/tempest/tempest.yaml | 3 + .../tcib/base/os/tempest/tempest_sudoers | 1 + container-images/tcib/base/rabbitmq/rabbitmq.yaml | 1 - .../tcib/base/tripleoclient/tripleoclient.yaml | 5 + container-images/tripleo_containers.yaml | 4 +- container-images/tripleo_containers.yaml.j2 | 13 +- image-yaml/overcloud-hardened-images-centos8.yaml | 10 - ...vercloud-hardened-images-python3-rt-kernel.yaml | 43 --- image-yaml/overcloud-hardened-images-rhel8.yaml | 11 - .../overcloud-hardened-images-uefi-centos8.yaml | 4 +- ...ud-hardened-images-uefi-python3-rt-kernel.yaml} | 10 +- .../overcloud-hardened-images-uefi-python3.yaml | 1 - .../overcloud-hardened-images-uefi-rhel8.yaml | 3 +- image-yaml/overcloud-images-centos8.yaml | 2 + image-yaml/overcloud-images-rhel8.yaml | 1 + requirements.txt | 2 - scripts/tripleo-mount-image | 17 +- tripleo_common/constants.py | 69 ----- tripleo_common/exception.py | 6 +- tripleo_common/image/builder/buildah.py | 5 +- tripleo_common/image/image_builder.py | 4 +- tripleo_common/image/image_export.py | 11 +- tripleo_common/image/image_uploader.py | 29 +- tripleo_common/inventory.py | 57 ++++ tripleo_common/templates/deployments.yaml | 7 + tripleo_common/update.py | 4 +- tripleo_common/utils/ansible.py | 25 +- tripleo_common/utils/ceph_spec.py | 303 +++++++++++++++++++++ tripleo_common/utils/config.py | 103 ++++++- tripleo_common/utils/keystone.py | 299 -------------------- tripleo_common/utils/nodes.py | 7 +- tripleo_common/utils/overcloudrc.py | 3 +- tripleo_common/utils/passwords.py | 3 +- tripleo_common/utils/roles.py | 10 +- tripleo_common/utils/safe_import.py | 28 -- tripleo_common/utils/time_functions.py | 29 -- zuul.d/layout.yaml | 5 +- 53 files changed, 655 insertions(+), 720 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 40902f04..761984e8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7 +6,0 @@ GitPython>=1.0.1 # BSD License (3 clause) -eventlet!=0.20.1,>=0.20.0 # MIT @@ -15 +13,0 @@ python-ironicclient!=2.5.2,!=2.7.1,!=3.0.0,>=2.3.0 # Apache-2.0 -six>=1.10.0 # MIT From no-reply at openstack.org Tue Jan 18 10:08:54 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Tue, 18 Jan 2022 10:08:54 -0000 Subject: [release-announce] oslo.utils 4.10.1 (xena) Message-ID: We are excited to announce the release of: oslo.utils 4.10.1: Oslo Utility library This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/oslo.utils Download the package from: https://pypi.org/project/oslo.utils Please report issues through: https://bugs.launchpad.net/oslo.utils/+bugs For more details, please see below. 4.10.1 ^^^^^^ Bug Fixes * bug #1942682 (https://bugs.launchpad.net/oslo.utils/+bug/1942682): Fix inconsistent value of *QemuImgInfo.encrypted*. Now the attribute is always *'yes'* or *None* regardless of the format(*human* or *json*) used. * Fix regex used to mask password. The "strutils.mask_password" function will now correctly handle passwords that contain single or double quotes. Previously, only the characters before the quote were masked. Changes in oslo.utils 4.10.0..4.10.1 ------------------------------------ 5ce8a7f Fix regex used to mask password 3e81ba7 QemuImgInfo: Fix inconsistent value format of encrypted ceb83ed Update TOX_CONSTRAINTS_FILE for stable/xena b298aef Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 3 ++- oslo_utils/imageutils.py | 2 +- oslo_utils/strutils.py | 15 ++++++++++++++- releasenotes/notes/bug-1942682-ea95d54b2587b32f.yaml | 6 ++++++ .../notes/fix_mask_password_regex-c0661f95a23369a4.yaml | 7 +++++++ tox.ini | 4 ++-- 8 files changed, 50 insertions(+), 6 deletions(-) From no-reply at openstack.org Thu Jan 20 09:25:54 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 20 Jan 2022 09:25:54 -0000 Subject: [release-announce] oslo.utils 4.12.1 (yoga) Message-ID: We are happy to announce the release of: oslo.utils 4.12.1: Oslo Utility library This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/oslo.utils Download the package from: https://pypi.org/project/oslo.utils Please report issues through: https://bugs.launchpad.net/oslo.utils/+bugs For more details, please see below. 4.12.1 ^^^^^^ Bug Fixes * Fix regex used to mask password. The "strutils.mask_password" function will now correctly handle passwords that contain single or double quotes. Previously, only the characters before the quote were masked. Changes in oslo.utils 4.12.0..4.12.1 ------------------------------------ 6e17ae1 Fix regex used to mask password 38e5ba4 Update python testing classifier 3d585b7 Use LOG.warning instead of deprecated LOG.warn Diffstat (except docs and test files) ------------------------------------- oslo_utils/netutils.py | 2 +- oslo_utils/strutils.py | 15 ++++++++++++++- .../notes/fix_mask_password_regex-c0661f95a23369a4.yaml | 7 +++++++ setup.cfg | 2 ++ 6 files changed, 44 insertions(+), 8 deletions(-) From no-reply at openstack.org Thu Jan 20 09:47:33 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 20 Jan 2022 09:47:33 -0000 Subject: [release-announce] ovsdbapp 1.15.0 (yoga) Message-ID: We are gleeful to announce the release of: ovsdbapp 1.15.0: A library for creating OVSDB applications This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/ovsdbapp Download the package from: https://tarballs.openstack.org/ovsdbapp/ Please report issues through: https://bugs.launchpad.net/ovsdbapp/+bugs For more details, please see below. Changes in ovsdbapp 1.14.0..1.15.0 ---------------------------------- 3ad4a1d Update QoS register in "QoSAddCommand" if exists 6fdacf8 Use "api.lookup" to search for a "Logical_Switch" Diffstat (except docs and test files) ------------------------------------- ovsdbapp/schema/ovn_northbound/commands.py | 44 ++++++++- ovsdbapp/schema/ovn_northbound/impl_idl.py | 6 +- .../schema/ovn_northbound/test_impl_idl.py | 106 ++++++++++++++++++--- 3 files changed, 138 insertions(+), 18 deletions(-) From no-reply at openstack.org Mon Jan 24 11:46:58 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:46:58 -0000 Subject: [release-announce] magnum 11.2.1 (victoria) Message-ID: We are psyched to announce the release of: magnum 11.2.1: Container Management project for OpenStack This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/magnum Download the package from: https://tarballs.openstack.org/magnum/ Please report issues through: https://bugs.launchpad.net/magnum/+bugs For more details, please see below. Changes in magnum 11.2.0..11.2.1 -------------------------------- 4b1ba075 Refix --registry-enabled Diffstat (except docs and test files) ------------------------------------- .../templates/fragments/configure-docker-registry.sh | 2 +- .../common/templates/fragments/enable-docker-registry.sh | 14 ++++++-------- .../templates/kubernetes/fragments/write-heat-params.sh | 2 ++ .../drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml | 2 ++ .../drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml | 2 ++ 5 files changed, 13 insertions(+), 9 deletions(-) From no-reply at openstack.org Mon Jan 24 11:47:59 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:47:59 -0000 Subject: [release-announce] ceilometer 15.1.0 (victoria) Message-ID: We contentedly announce the release of: ceilometer 15.1.0: OpenStack Telemetry This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ceilometer Download the package from: https://tarballs.openstack.org/ceilometer/ Please report issues through: https://bugs.launchpad.net/ceilometer/+bugs For more details, please see below. 15.1.0 ^^^^^^ Bug Fixes * [bug 1940660 (https://bugs.launchpad.net/ceilometer/+bug/1940660)] Fixes an issue with the Swift pollster where the "[service_credentials] cafile" option was not used. This could prevent communication with TLS-enabled Swift APIs. Changes in ceilometer 15.0.0..15.1.0 ------------------------------------ e33a1f7d Remove jobs corresponds to obselete featuresets 3f73d8ba Fix CA file for Swift pollster 4bb02413 Do not install libvirt python bindings from pip 564a2ca6 [Stable-only] Pin Gnocchi to a specific release 418af55c [stable-only] Add font for PDF generation and fix lower constraints e953512d Cap tenacity < 7.0.0 e555e938 Update TOX_CONSTRAINTS_FILE for stable/victoria bb6dda05 Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 17 --------- bindep.txt | 3 ++ ceilometer/objectstore/swift.py | 8 +++-- devstack/plugin.sh | 5 ++- devstack/settings | 3 +- lower-constraints.txt | 9 ++--- .../notes/fix-1940660-5226988f2e7ae1bd.yaml | 7 ++++ requirements.txt | 6 ++-- tox.ini | 2 +- 11 files changed, 56 insertions(+), 47 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 66dcb189..1d58b5f5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31,2 +31,2 @@ PyYAML>=3.13 # MIT -requests!=2.9.0,>=2.8.1 # Apache-2.0 -six>=1.9.0 # MIT +requests>=2.14.2 # Apache-2.0 +six>=1.10.0 # MIT @@ -34 +34 @@ stevedore>=1.20.0 # Apache-2.0 -tenacity>=4.12.0 # Apache-2.0 +tenacity>=4.12.0,<7.0.0 # Apache-2.0 From no-reply at openstack.org Mon Jan 24 11:48:59 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:48:59 -0000 Subject: [release-announce] ec2-api 11.1.0 (victoria) Message-ID: We are thrilled to announce the release of: ec2-api 11.1.0: OpenStack Ec2api Service This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ec2-api Download the package from: https://pypi.org/project/ec2-api Please report issues through: https://bugs.launchpad.net/ec2-api/+bugs For more details, please see below. Changes in ec2-api 11.0.0..11.1.0 --------------------------------- b2686a2 various fixes ee4f8f9 Run TripleO jobs on CentOS8 instead of CentOS7 4fec7cd Update TOX_CONSTRAINTS_FILE for stable/victoria 7102fec Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 5 +- ec2api/api/cloud.py | 14 +++-- ec2api/api/image.py | 4 +- ec2api/api/network_interface.py | 18 +++++- ec2api/api/volume.py | 17 +++++- lower-constraints.txt | 114 -------------------------------------- tox.ini | 8 +-- 11 files changed, 55 insertions(+), 140 deletions(-) From no-reply at openstack.org Mon Jan 24 11:49:25 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:49:25 -0000 Subject: [release-announce] octavia-dashboard 6.0.1 (victoria) Message-ID: We joyfully announce the release of: octavia-dashboard 6.0.1: Horizon panels for Octavia This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/octavia-dashboard Download the package from: https://pypi.org/project/octavia-dashboard Please report issues through: https://storyboard.openstack.org/#!/project/openstack/octavia- dashboard For more details, please see below. 6.0.1 ^^^^^ Bug Fixes * Fixes a namespace collision with the barbican-ui dashboard. Changes in octavia-dashboard 6.0.0..6.0.1 ----------------------------------------- 3aef1f7 Change the Octavia Barbican namespace a66eb7e Imported Translations from Zanata 3954cda Imported Translations from Zanata a5371c5 Disable Load Balancers panel when Octavia service is not deployed 6f2ef77 Drop lower-constraints job 1b8a97d Imported Translations from Zanata 9737576 Imported Translations from Zanata Diffstat (except docs and test files) ------------------------------------- lower-constraints.txt | 142 -- octavia_dashboard/api/rest/barbican.py | 4 +- .../dashboards/project/load_balancer/panel.py | 2 +- .../locale/en_GB/LC_MESSAGES/djangojs.po | 11 +- octavia_dashboard/locale/es/LC_MESSAGES/django.po | 18 + .../locale/es/LC_MESSAGES/djangojs.po | 1620 ++++++++++++++++++++ .../locale/id/LC_MESSAGES/djangojs.po | 18 +- octavia_dashboard/locale/ru/LC_MESSAGES/django.po | 272 +--- .../locale/ru/LC_MESSAGES/djangojs.po | 1245 ++++++++++----- ...ican.service.js => octavia-barbican.service.js} | 18 +- ...ce.spec.js => octavia-barbican.service.spec.js} | 12 +- .../project/lbaasv2/workflow/model.service.js | 10 +- .../project/lbaasv2/workflow/model.service.spec.js | 2 +- ...ollision-with-barbican-ui-267f4ba074729ea6.yaml | 4 + tox.ini | 6 - zuul.d/projects.yaml | 1 - 16 files changed, 2561 insertions(+), 824 deletions(-) From no-reply at openstack.org Mon Jan 24 11:49:49 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:49:49 -0000 Subject: [release-announce] glance_store 2.3.1 (victoria) Message-ID: We are thrilled to announce the release of: glance_store 2.3.1: OpenStack Image Service Store Library This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/glance_store Download the package from: https://pypi.org/project/glance_store For more details, please see below. Changes in glance_store 2.3.0..2.3.1 ------------------------------------ e43a56f Pass multipath config while creating connector object ff8df6d Drop lower-constraints job 177b803 Update TOX_CONSTRAINTS_FILE for stable/victoria 7f88a4d Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 2 - glance_store/_drivers/cinder.py | 2 +- lower-constraints.txt | 79 ----------------------- tox.ini | 13 ++-- 7 files changed, 14 insertions(+), 93 deletions(-) From no-reply at openstack.org Mon Jan 24 11:50:02 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:50:02 -0000 Subject: [release-announce] python-manilaclient 3.2.0 (yoga) Message-ID: We jubilantly announce the release of: python-manilaclient 3.2.0: Client library for OpenStack Manila API. This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/python-manilaclient Download the package from: https://pypi.org/project/python-manilaclient Please report issues through: https://bugs.launchpad.net/python-manilaclient/+bugs For more details, please see below. 3.2.0 ^^^^^ New Features ************ * Share group types can now be filtered with their *group_specs*. * The command "manila share-server-manage" now accepts an optional "-- wait" that allows users to let the client poll for the completion of the operation. Bug Fixes ********* * Launchpad bug 1855391 (https://bugs.launchpad.net/python- manilaclient/+bug/1855391) has been fixed by adding a "force" argument to the share extension commands. * The commands "openstack share type list" and "openstack share access list" no longer support the "--columns" option. Use "-- column" to filter the output. * Launchpad bug 1953670 (https://bugs.launchpad.net/python- manilaclient/+bug/1953670) has been fixed by updating the attribute name for the share group type access repr to be share_group_type_id. Changes in python-manilaclient 3.1.0..3.2.0 ------------------------------------------- f9aee52 Implement OSC quota set default and project mandatory 043f34b Bump max API microversion e5e815b [OSC] Add missing waiters fa8a4b0 [OSC] Implement Share Group Type Commands e59bd63 Update python testing classifier c34f593 Move release notes to correct folders 840961c Add Python3 yoga unit tests 1f72195 [CI] Change rally and lower-constraints jobs dcb25e5 Fix the id attr for share group type access repr 31e231b Add export location information to share replica show command 81f9fc3 api 2.64, manilaclient support force extend share b095429 [OSC] Implement share network subnet commands b5a4f9c Add support for ~name and ~description filtering when listing shares. 13ec1d3 Add --wait flag to the mange share server operation Diffstat (except docs and test files) ------------------------------------- manilaclient/api_versions.py | 2 +- manilaclient/base.py | 1 - manilaclient/common/constants.py | 8 +- manilaclient/osc/utils.py | 66 ++- manilaclient/osc/v2/quotas.py | 159 ++++--- manilaclient/osc/v2/share.py | 46 +- manilaclient/osc/v2/share_access_rules.py | 39 +- manilaclient/osc/v2/share_group_type_access.py | 163 +++++++ manilaclient/osc/v2/share_group_types.py | 341 ++++++++++++++ manilaclient/osc/v2/share_network_subnets.py | 162 +++++++ manilaclient/osc/v2/share_replicas.py | 24 +- manilaclient/osc/v2/share_snapshots.py | 56 +++ .../unit/osc/v2/test_share_group_type_access.py | 204 ++++++++ .../unit/osc/v2/test_share_network_subnets.py | 213 +++++++++ manilaclient/v2/share_group_type_access.py | 2 +- manilaclient/v2/share_group_types.py | 5 +- manilaclient/v2/shares.py | 20 +- manilaclient/v2/shell.py | 30 +- ...arch-share-group-type-api-d5d9a6096f084b91.yaml | 4 + ...upport-force-extend-share-6b5ebcfe1de0ca7b.yaml | 5 + ...ge-share-server-operation-be6488c2a57536e1.yaml | 6 + ...-without-additional-logic-2970ee294f32bd31.yaml | 0 ...re-group-type-access-repr-008338a53d7a6a50.yaml | 5 + setup.cfg | 13 + zuul.d/project.yaml | 8 +- 36 files changed, 2633 insertions(+), 370 deletions(-) From no-reply at openstack.org Mon Jan 24 11:53:29 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:53:29 -0000 Subject: [release-announce] cloudkitty-dashboard 11.0.1 (victoria) Message-ID: We contentedly announce the release of: cloudkitty-dashboard 11.0.1: CloudKitty Horizon dashboard This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/cloudkitty-dashboard Download the package from: https://pypi.org/project/cloudkitty-dashboard Please report issues through: https://storyboard.openstack.org/#!/project/openstack/cloudkitty- dashboard For more details, please see below. 11.0.1 ^^^^^^ Upgrade Notes * The CloudKitty dashboard now inherits the interface type from Horizon. This allows for easier testing, like in an all-in-one to use the internalURL. Changes in cloudkitty-dashboard 11.0.0..11.0.1 ---------------------------------------------- 2a24f55 Respect endpoint type specified in Horizon ea6adc2 Update TOX_CONSTRAINTS_FILE for stable/victoria fbb4510 Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + cloudkittydashboard/api/cloudkitty.py | 2 ++ releasenotes/notes/keystone-endpoint-type-b5646c052e65c848.yaml | 6 ++++++ tox.ini | 2 +- 4 files changed, 10 insertions(+), 1 deletion(-) From no-reply at openstack.org Mon Jan 24 11:53:35 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:53:35 -0000 Subject: [release-announce] sushy 3.4.5 (victoria) Message-ID: We contentedly announce the release of: sushy 3.4.5: Sushy is a small Python library to communicate with Redfish based systems This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/sushy Download the package from: https://tarballs.openstack.org/sushy/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/sushy For more details, please see below. 3.4.5 ^^^^^ Bug Fixes * Fixes "Processor.sub_processors" for "'Processor' object has no attribute 'conn'" error. Changes in sushy 3.4.4..3.4.5 ----------------------------- ef9bc98 Revert "Raise an AccessError with SessionService init" b7a71f1 Raise an AccessError with SessionService init dba7d1a Fix Processor.sub_processors efd47e3 Protect Connector against empty auth object Diffstat (except docs and test files) ------------------------------------- .../notes/fix-subprocessors-3b619434dba4636d.yaml | 5 +++++ sushy/connector.py | 3 ++- sushy/resources/system/processor.py | 14 ++++++------- .../unit/json_samples/subprocessor_collection.json | 9 +++++++++ 8 files changed, 70 insertions(+), 8 deletions(-) From no-reply at openstack.org Mon Jan 24 11:54:52 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:54:52 -0000 Subject: [release-announce] kolla 11.2.1 (victoria) Message-ID: We are amped to announce the release of: kolla 11.2.1: Kolla OpenStack Deployment This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/kolla Download the package from: https://tarballs.openstack.org/kolla/ Please report issues through: https://bugs.launchpad.net/kolla/+bugs For more details, please see below. Changes in kolla 11.2.0..11.2.1 ------------------------------- bfc4c8e3c [CI] Stop testing non-stream CentOS 464d15175 Fix variable name Diffstat (except docs and test files) ------------------------------------- .zuul.d/base.yaml | 12 ------------ .zuul.d/centos.yaml | 38 ++++---------------------------------- 3 files changed, 7 insertions(+), 49 deletions(-) From no-reply at openstack.org Mon Jan 24 11:55:10 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:55:10 -0000 Subject: [release-announce] networking-generic-switch 4.0.1 (victoria) Message-ID: We eagerly announce the release of: networking-generic-switch 4.0.1: Generic Switch ML2 Neutron Driver This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/networking-generic-switch Download the package from: https://pypi.org/project/networking-generic-switch Please report issues through: https://storyboard.openstack.org/#!/project/openstack/networking- generic-switch For more details, please see below. 4.0.1 ^^^^^ Bug Fixes * Fixed command syntax of Juniper devices. This makes the driver incompatible with some very old Junos OS releases that are EOL and no longer supported by the vendor. Changes in networking-generic-switch 4.0.0..4.0.1 ------------------------------------------------- 8c1a1c7 Fix command syntax in Juniper driver 79aa400 Remove lower-constraints job f7e74b0 Add documentation for Cumulus Linux NCLU ef45de9 Update TOX_CONSTRAINTS_FILE for stable/victoria b4f8536 Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .../devices/netmiko_devices/juniper.py | 14 ++++----- .../notes/fix-junos-syntax-27bb18dc737d776b.yaml | 6 ++++ tox.ini | 8 ++--- zuul.d/project.yaml | 2 -- 8 files changed, 51 insertions(+), 35 deletions(-) From no-reply at openstack.org Mon Jan 24 11:56:01 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 11:56:01 -0000 Subject: [release-announce] kolla-ansible 11.3.0 (victoria) Message-ID: We contentedly announce the release of: kolla-ansible 11.3.0: Ansible Deployment of Kolla containers This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/kolla-ansible Download the package from: https://tarballs.openstack.org/kolla-ansible/ Please report issues through: https://bugs.launchpad.net/kolla-ansible/+bugs For more details, please see below. 11.3.0 ^^^^^^ Upgrade Notes ************* * RabbitMQ's Prometheus plugin is no longer enabled by default if Prometheus is not deployed. If external Prometheus is used, you need to turn on "rabbitmq_enable_prometheus_plugin" to get old behaviour. Bug Fixes ********* * Removes custom value of "max_allowed_secret_in_bytes" in "barbican.conf". The default maximum size in Barbican was doubled to avoid issues with some certificates. LP #1957795 * Fixed the deployment failure of outward_rabbitmq by resolving port conflicts by customizing RabbitMQ's "prometheus.tcp.port". LP #1885106 * Fixes Octavia's "Connection refused" errors by adding "ovn_sb_connection" to "octavia.conf". LP#195011 * Ironic API and Ironic Inspector API use separate policy files. Ironic role was updated to be able to handle both policies separately. LP#1952948 * Fixes Placement no logrotate configuration LP#1954723 * Fixes unable to connect to zun console when "kolla_enable_tls_external" is true. Access to console of any zun container fails when "kolla_enable_tls_external" is true. This fix sets the protocol for wsproxy "base_url" in "zun.conf" according to the value of "kolla_enable_tls_external" LP#1957117 * Fix the apache's wsgi configuration for the aodh service in Debuntu binary flavours. LP#1953059 Changes in kolla-ansible 11.2.0..11.3.0 --------------------------------------- e011846ec Revert "[CI] [to-revert] Avoid upgrades on CentOS Stream 8" 748c82751 Remove custom value of max_allowed_secret_in_bytes 1c510c33e [CI] [to-revert] Avoid upgrades on CentOS Stream 8 69b7bb93f Fix permission denied errors with ping on c8s e80acd625 Add logrotate to libvirt service 1dd2e4f3d Access to zun container fails when tls_external enabled. 153fa1ad6 Add logrotate configuration for placement service cb73051bc rabbitmq: enable/disable prometheus plugin follow up f67a1d1ec docs: adjust to current defaults 46544622e Support enable/disable rabbitmq prometheus plugins 1a87ed1a0 CI: check-logs - add another exception 145e64d5c Move project_name and kolla_role_name to role vars c257359dc [CI] Stop testing non-stream CentOS d5fe6a38c horizon: move horizon_enable_tls_backend to group_vars b97372923 Add ironic-inspector policy configuration f14caa1e6 Add ovn_sb_connection to octavia.conf fe1e6b465 Fix aodh wsgi config file in Debuntu binary dc5f3700f Register resources info for octavia upgrading Diffstat (except docs and test files) ------------------------------------- ansible/group_vars/all.yml | 7 +- ansible/roles/aodh/defaults/main.yml | 2 - ansible/roles/aodh/templates/wsgi-aodh.conf.j2 | 4 - ansible/roles/aodh/vars/main.yml | 2 + ansible/roles/barbican/defaults/main.yml | 2 - ansible/roles/barbican/templates/barbican.conf.j2 | 1 - ansible/roles/barbican/vars/main.yml | 2 + ansible/roles/baremetal/tasks/pre-install.yml | 9 ++ ansible/roles/bifrost/defaults/main.yml | 2 - ansible/roles/bifrost/vars/main.yml | 2 + ansible/roles/blazar/defaults/main.yml | 2 - ansible/roles/blazar/vars/main.yml | 2 + ansible/roles/ceilometer/defaults/main.yml | 2 - ansible/roles/ceilometer/vars/main.yml | 2 + ansible/roles/chrony/defaults/main.yml | 2 - ansible/roles/chrony/vars/main.yml | 2 + ansible/roles/cinder/defaults/main.yml | 2 - ansible/roles/cinder/vars/main.yml | 2 + ansible/roles/cloudkitty/defaults/main.yml | 2 - ansible/roles/cloudkitty/vars/main.yml | 2 + ansible/roles/collectd/defaults/main.yml | 2 - ansible/roles/collectd/vars/main.yml | 2 + ansible/roles/common/defaults/main.yml | 2 - ansible/roles/common/tasks/config.yml | 2 + .../templates/cron-logrotate-nova-libvirt.conf.j2 | 3 + .../templates/cron-logrotate-placement.conf.j2 | 3 + ansible/roles/common/vars/main.yml | 2 + ansible/roles/cyborg/defaults/main.yml | 2 - ansible/roles/cyborg/vars/main.yml | 2 + ansible/roles/designate/defaults/main.yml | 2 - ansible/roles/designate/vars/main.yml | 2 + ansible/roles/elasticsearch/defaults/main.yml | 2 - ansible/roles/elasticsearch/vars/main.yml | 2 + ansible/roles/etcd/defaults/main.yml | 2 - ansible/roles/etcd/vars/main.yml | 2 + ansible/roles/freezer/defaults/main.yml | 2 - ansible/roles/freezer/vars/main.yml | 2 + ansible/roles/glance/defaults/main.yml | 2 - ansible/roles/glance/vars/main.yml | 2 + ansible/roles/gnocchi/defaults/main.yml | 2 - ansible/roles/gnocchi/vars/main.yml | 2 + ansible/roles/grafana/defaults/main.yml | 2 - ansible/roles/grafana/vars/main.yml | 2 + ansible/roles/haproxy-config/defaults/main.yml | 2 - ansible/roles/haproxy-config/vars/main.yml | 2 + ansible/roles/haproxy/defaults/main.yml | 2 - ansible/roles/haproxy/vars/main.yml | 2 + ansible/roles/heat/defaults/main.yml | 2 - ansible/roles/heat/vars/main.yml | 2 + ansible/roles/horizon/defaults/main.yml | 7 - ansible/roles/horizon/vars/main.yml | 2 + ansible/roles/influxdb/defaults/main.yml | 2 - ansible/roles/influxdb/vars/main.yml | 2 + ansible/roles/ironic/defaults/main.yml | 2 - ansible/roles/ironic/tasks/config.yml | 42 +++++- .../ironic/templates/ironic-inspector.json.j2 | 8 +- ansible/roles/ironic/vars/main.yml | 2 + ansible/roles/iscsi/defaults/main.yml | 2 - ansible/roles/iscsi/vars/main.yml | 2 + ansible/roles/kafka/defaults/main.yml | 2 - ansible/roles/kafka/vars/main.yml | 2 + ansible/roles/karbor/defaults/main.yml | 2 - ansible/roles/karbor/vars/main.yml | 2 + ansible/roles/keystone/defaults/main.yml | 2 - ansible/roles/keystone/vars/main.yml | 2 + ansible/roles/kibana/defaults/main.yml | 2 - ansible/roles/kibana/vars/main.yml | 2 + ansible/roles/kuryr/defaults/main.yml | 1 - ansible/roles/kuryr/vars/main.yml | 2 + ansible/roles/magnum/defaults/main.yml | 2 - ansible/roles/magnum/vars/main.yml | 2 + ansible/roles/manila/defaults/main.yml | 2 - ansible/roles/manila/vars/main.yml | 2 + ansible/roles/mariadb/defaults/main.yml | 2 - ansible/roles/mariadb/vars/main.yml | 2 + ansible/roles/masakari/defaults/main.yml | 2 - ansible/roles/masakari/vars/main.yml | 2 + ansible/roles/memcached/defaults/main.yml | 2 - ansible/roles/memcached/vars/main.yml | 2 + ansible/roles/mistral/defaults/main.yml | 2 - ansible/roles/mistral/vars/main.yml | 2 + ansible/roles/monasca/defaults/main.yml | 2 - ansible/roles/monasca/vars/main.yml | 2 + ansible/roles/multipathd/defaults/main.yml | 2 - ansible/roles/multipathd/vars/main.yml | 2 + ansible/roles/murano/defaults/main.yml | 2 - ansible/roles/murano/vars/main.yml | 2 + ansible/roles/neutron/defaults/main.yml | 2 - ansible/roles/neutron/vars/main.yml | 2 + ansible/roles/nova-cell/defaults/main.yml | 6 - ansible/roles/nova-cell/vars/main.yml | 6 + ansible/roles/nova/defaults/main.yml | 2 - ansible/roles/nova/vars/main.yml | 2 + ansible/roles/octavia/defaults/main.yml | 2 - ansible/roles/octavia/tasks/get_resources_info.yml | 67 +++++++++ ansible/roles/octavia/tasks/upgrade.yml | 3 + ansible/roles/octavia/templates/octavia.conf.j2 | 3 +- ansible/roles/octavia/vars/main.yml | 2 + ansible/roles/openvswitch/defaults/main.yml | 2 - ansible/roles/openvswitch/vars/main.yml | 2 + ansible/roles/ovn/defaults/main.yml | 2 - ansible/roles/ovn/vars/main.yml | 2 + ansible/roles/ovs-dpdk/defaults/main.yml | 1 - ansible/roles/ovs-dpdk/vars/main.yml | 2 + ansible/roles/panko/defaults/main.yml | 2 - ansible/roles/panko/vars/main.yml | 2 + ansible/roles/placement/defaults/main.yml | 2 - ansible/roles/placement/vars/main.yml | 2 + ansible/roles/prometheus/defaults/main.yml | 2 - ansible/roles/prometheus/vars/main.yml | 2 + ansible/roles/qdrouterd/defaults/main.yml | 2 - ansible/roles/qdrouterd/vars/main.yml | 2 + ansible/roles/qinling/defaults/main.yml | 2 - ansible/roles/qinling/vars/main.yml | 2 + ansible/roles/rabbitmq/defaults/main.yml | 14 +- ansible/roles/rabbitmq/tasks/config.yml | 18 +++ .../roles/rabbitmq/templates/enabled_plugins.j2 | 1 + ansible/roles/rabbitmq/templates/rabbitmq.conf.j2 | 5 + ansible/roles/rabbitmq/templates/rabbitmq.json.j2 | 6 + ansible/roles/rabbitmq/vars/main.yml | 2 + ansible/roles/rally/defaults/main.yml | 2 - ansible/roles/rally/vars/main.yml | 2 + ansible/roles/redis/defaults/main.yml | 2 - ansible/roles/redis/vars/main.yml | 2 + ansible/roles/sahara/defaults/main.yml | 2 - ansible/roles/sahara/vars/main.yml | 2 + ansible/roles/searchlight/defaults/main.yml | 2 - ansible/roles/searchlight/vars/main.yml | 2 + ansible/roles/senlin/defaults/main.yml | 2 - ansible/roles/senlin/vars/main.yml | 2 + ansible/roles/skydive/defaults/main.yml | 2 - ansible/roles/skydive/vars/main.yml | 2 + ansible/roles/solum/defaults/main.yml | 2 - ansible/roles/solum/vars/main.yml | 2 + ansible/roles/storm/defaults/main.yml | 2 - ansible/roles/storm/vars/main.yml | 2 + ansible/roles/swift/defaults/main.yml | 2 - ansible/roles/swift/vars/main.yml | 2 + ansible/roles/tacker/defaults/main.yml | 2 - ansible/roles/tacker/vars/main.yml | 2 + ansible/roles/telegraf/defaults/main.yml | 2 - ansible/roles/telegraf/vars/main.yml | 2 + ansible/roles/tempest/defaults/main.yml | 2 - ansible/roles/tempest/vars/main.yml | 2 + ansible/roles/trove/defaults/main.yml | 2 - ansible/roles/trove/vars/main.yml | 2 + ansible/roles/vitrage/defaults/main.yml | 2 - ansible/roles/vitrage/vars/main.yml | 2 + ansible/roles/vmtp/defaults/main.yml | 2 - ansible/roles/vmtp/vars/main.yml | 2 + ansible/roles/watcher/defaults/main.yml | 2 - ansible/roles/watcher/vars/main.yml | 2 + ansible/roles/zookeeper/defaults/main.yml | 2 - ansible/roles/zookeeper/vars/main.yml | 2 + ansible/roles/zun/defaults/main.yml | 2 - ansible/roles/zun/templates/zun.conf.j2 | 2 +- ansible/roles/zun/vars/main.yml | 2 + ansible/site.yml | 2 + ...n-max-allowed-secret-size-1941307ab5d2a9fd.yaml | 7 + .../notes/bug-1885106-2347d7458a8f9cb0.yaml | 13 ++ .../notes/bug-1950111-8e477fb6a5b58822.yaml | 6 + .../notes/bug-1952948-003aabe18144f569.yaml | 6 + .../notes/bug-1954723-2d49335022492891.yaml | 5 + .../notes/bug-1957117-7832104d66a91da7.yaml | 11 ++ .../fix-aodh-wsgi-config-7679adda584e33bb.yaml | 6 + roles/multi-node-managed-addressing/tasks/main.yml | 1 + zuul.d/jobs.yaml | 166 --------------------- zuul.d/nodesets.yaml | 22 --- zuul.d/project.yaml | 22 --- 171 files changed, 386 insertions(+), 375 deletions(-) From no-reply at openstack.org Mon Jan 24 12:00:57 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 12:00:57 -0000 Subject: [release-announce] python-ironicclient 4.4.1 (victoria) Message-ID: We are pumped to announce the release of: python-ironicclient 4.4.1: OpenStack Bare Metal Provisioning API Client Library This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/python-ironicclient Download the package from: https://pypi.org/project/python-ironicclient Please report issues through: https://storyboard.openstack.org/#!/project/openstack/python- ironicclient For more details, please see below. 4.4.1 ^^^^^ Bug Fixes * The "--debug" option now works correctly with the built-in "baremetal" command line tool. * Fixes using "network_data" with the "--fields" parameter. Changes in python-ironicclient 4.4.0..4.4.1 ------------------------------------------- 2e6778f Make baremetal --debug actually work 0187ffb Fix --fields network_data 8ae1c79 Remove lower-constraints job Diffstat (except docs and test files) ------------------------------------- ironicclient/shell.py | 18 ++++++++++++++++++ ironicclient/v1/resource_fields.py | 1 + releasenotes/notes/debug-e9dd680d783fa4b6.yaml | 5 +++++ releasenotes/notes/network_data-c48b3878a5b04df5.yaml | 4 ++++ zuul.d/project.yaml | 1 - 6 files changed, 29 insertions(+), 1 deletion(-) From no-reply at openstack.org Mon Jan 24 12:00:59 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 12:00:59 -0000 Subject: [release-announce] watcher-dashboard 4.0.1 (victoria) Message-ID: We are glad to announce the release of: watcher-dashboard 4.0.1: Watcher Management Dashboard This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/watcher-dashboard Download the package from: https://tarballs.openstack.org/watcher-dashboard/ Please report issues through: https://bugs.launchpad.net/watcher-dashboard/+bugs For more details, please see below. Changes in watcher-dashboard 4.0.0..4.0.1 ----------------------------------------- 4498a25 Fix broken devstack install 745cada Fix create audit fail from audit_template 87e4366 Dropping lower constraints testing ced2f04 Update TOX_CONSTRAINTS_FILE for stable/victoria b6942bb Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 1 - devstack/plugin.sh | 4 +- lower-constraints.txt | 125 ----------------------- tox.ini | 9 +- watcher_dashboard/api/watcher.py | 4 +- 7 files changed, 10 insertions(+), 140 deletions(-) From no-reply at openstack.org Mon Jan 24 12:01:04 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 12:01:04 -0000 Subject: [release-announce] ironic-lib 4.4.2 (victoria) Message-ID: We eagerly announce the release of: ironic-lib 4.4.2: Ironic common library This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ironic-lib Download the package from: https://pypi.org/project/ironic-lib Please report issues through: https://storyboard.openstack.org/#!/project/openstack/ironic-lib For more details, please see below. Changes in ironic-lib 4.4.1..4.4.2 ---------------------------------- b117e63 utils.execute: log stdout and stderr even on failure f4cabc0 Limit the number of malloc arenas for qemu-img convert d27b4a2 Raise qemu-img memory limit to 2 GiB Diffstat (except docs and test files) ------------------------------------- ironic_lib/disk_utils.py | 17 +++++++++++++++-- ironic_lib/utils.py | 23 ++++++++++++++++------- 4 files changed, 59 insertions(+), 21 deletions(-) From no-reply at openstack.org Mon Jan 24 12:01:57 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 12:01:57 -0000 Subject: [release-announce] ansible-role-chrony 1.1.0 Message-ID: We contentedly announce the release of: ansible-role-chrony 1.1.0: ansible-role-chrony - Ansible chrony role The source is available from: https://opendev.org/openstack/ansible-role-chrony Download the package from: https://tarballs.openstack.org/ansible-role-chrony/ For more details, please see below. Changes in ansible-role-chrony 1.0.3..1.1.0 ------------------------------------------- 1b82e87 Replacing chrony-helper with chronyc 14b34c2 Create chrony-online service ae5374e Switch to centos8 standalone job 15ad507 Correct the tox option for skipping sdist generation 5580549 setup.cfg: Replace dashes with underscores Diffstat (except docs and test files) ------------------------------------- README.rst | 2 +- files/chrony-online.service | 12 ++++++++++++ setup.cfg | 8 ++++---- tasks/main.yml | 4 ++++ tasks/online.yml | 14 ++++++++++++++ tox.ini | 2 +- zuul.d/layout.yaml | 8 ++++++-- 7 files changed, 42 insertions(+), 8 deletions(-) From no-reply at openstack.org Mon Jan 24 12:08:28 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 12:08:28 -0000 Subject: [release-announce] cloudkitty 13.0.2 (victoria) Message-ID: We are psyched to announce the release of: cloudkitty 13.0.2: Rating as a Service component for OpenStack This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/cloudkitty Download the package from: https://pypi.org/project/cloudkitty Please report issues through: https://storyboard.openstack.org/#!/project/openstack/cloudkitty For more details, please see below. 13.0.2 ^^^^^^ Bug Fixes * Fixes the quote API method. See story 2009022 `_ for more details. Changes in cloudkitty 13.0.1..13.0.2 ------------------------------------ 28f8bd4 Fix quote API Diffstat (except docs and test files) ------------------------------------- cloudkitty/api/v1/controllers/rating.py | 6 ++- cloudkitty/orchestrator.py | 46 ++++++++++++++++++---- .../notes/fix-quote-v1-api-7282f01b596f0f3b.yaml | 5 +++ 3 files changed, 48 insertions(+), 9 deletions(-) From no-reply at openstack.org Mon Jan 24 12:11:40 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 12:11:40 -0000 Subject: [release-announce] oslo.service 2.4.1 (victoria) Message-ID: We are pleased to announce the release of: oslo.service 2.4.1: oslo.service library This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/oslo.service Download the package from: https://pypi.org/project/oslo.service Please report issues through: https://bugs.launchpad.net/oslo.service/+bugs For more details, please see below. 2.4.1 ^^^^^ New Features * A new config options, "[DEFAULT] wsgi_server_debug", has been added. This allows admins to configure whether the server should send exception tracebacks to the clients on HTTP 500 errors. This defaults to "False", preserving previous behavior. Changes in oslo.service 2.4.0..2.4.1 ------------------------------------ 615cfad Make debug option of wsgi server configurable ee19ff3 Unbreak lower constraints 4017909 Update TOX_CONSTRAINTS_FILE for stable/victoria bb2a341 Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + lower-constraints.txt | 2 +- oslo_service/_options.py | 5 +++++ oslo_service/wsgi.py | 2 +- releasenotes/notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml | 7 +++++++ tox.ini | 4 ++-- 6 files changed, 17 insertions(+), 4 deletions(-) From no-reply at openstack.org Mon Jan 24 12:14:08 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 12:14:08 -0000 Subject: [release-announce] neutron-lib 2.19.0 (yoga) Message-ID: We exuberantly announce the release of: neutron-lib 2.19.0: Neutron shared routines and utilities This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/neutron-lib Download the package from: https://pypi.org/project/neutron-lib Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 2.19.0 ^^^^^^ Bug Fixes ********* * Fixed an issue where API validation for duplicate entries in list values would fail with a TypeError in case the values in the list was of type "dict". See bug: 1956785 (https://bugs.launchpad.net/neutron/+bug/1956785). Other Notes *********** * Openvswitch related constants are moved from the "neutron_lib.constants" module to the own module "neutron_lib.plugins.ml2.ovs_constants". * Added abstract method "get_workers" to "QuotaDriverAPI" metaclass. This method returns the quota driver workers that needs to be spawned during the plugin initialization. Changes in neutron-lib 2.18.1..2.19.0 ------------------------------------- 64b2f2b remove unicode from code 04a8766 Add "get_workers" method to "QuotaDriverAPI" class 88b755c Fix collect duplicates TypeError for dict values e70fdbe Rehome ovs related constants to the separate module Diffstat (except docs and test files) ------------------------------------- api-ref/source/conf.py | 8 +- neutron_lib/api/validators/__init__.py | 10 +- neutron_lib/constants.py | 208 ------------------- neutron_lib/db/quota_api.py | 13 ++ neutron_lib/plugins/ml2/ovs_constants.py | 224 +++++++++++++++++++++ ...stants-to-separate-module-07ce93971dd1d7dc.yaml | 6 + ...dation-collect-duplicates-f4d45bf5d5abbdff.yaml | 8 + ...ta-driver-api-get-workers-f540a81235dbf48d.yaml | 6 + releasenotes/source/conf.py | 16 +- 14 files changed, 313 insertions(+), 246 deletions(-) From no-reply at openstack.org Mon Jan 24 14:55:57 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 14:55:57 -0000 Subject: [release-announce] ovsdbapp 1.9.1 (wallaby) Message-ID: We are excited to announce the release of: ovsdbapp 1.9.1: A library for creating OVSDB applications This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/ovsdbapp Download the package from: https://tarballs.openstack.org/ovsdbapp/ Please report issues through: https://bugs.launchpad.net/ovsdbapp/+bugs For more details, please see below. Changes in ovsdbapp 1.9.0..1.9.1 -------------------------------- 8304251 Actually close the connection in Connection.stop() 66918f9 Don't spam retries 100s of times a second d0cc492 Add an active wait in the "Backend.lookup" 007c0f6 Fix docs job f6a19a3 Update TOX_CONSTRAINTS_FILE for stable/wallaby 875be60 Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + ovsdbapp/backend/ovs_idl/__init__.py | 48 ++++++++++++++++- ovsdbapp/backend/ovs_idl/connection.py | 5 +- ovsdbapp/backend/ovs_idl/transaction.py | 8 +++ .../functional/backend/ovs_idl/test_backend.py | 63 ++++++++++++++++++++++ tox.ini | 3 +- 6 files changed, 124 insertions(+), 4 deletions(-) From no-reply at openstack.org Mon Jan 24 15:04:39 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 24 Jan 2022 15:04:39 -0000 Subject: [release-announce] os-ken 1.4.1 (wallaby) Message-ID: We are glad to announce the release of: os-ken 1.4.1: A component-based software defined networking framework for OpenStack. This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/os-ken Download the package from: https://pypi.org/project/os-ken Please report issues through: https://storyboard.openstack.org/#!/project/openstack/os-ken For more details, please see below. Changes in os-ken 1.4.0..1.4.1 ------------------------------ 018d755f Avoid missing key 'password' for neighbor_add 7619c024 Avoid logging MD5 password for BGP add neighbor 99361db1 Add requirements.txt to tox environment 2c434939 Update TOX_CONSTRAINTS_FILE for stable/wallaby 5ed7d999 Update .gitreview for stable/wallaby Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 2 +- lower-constraints.txt | 137 ------------------------------ os_ken/services/protocols/bgp/api/base.py | 8 +- tox.ini | 13 ++- 6 files changed, 15 insertions(+), 147 deletions(-) From no-reply at openstack.org Wed Jan 26 11:46:04 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 11:46:04 -0000 Subject: [release-announce] os-traits 2.7.0 Message-ID: We are satisfied to announce the release of: os-traits 2.7.0: A library containing standardized trait strings The source is available from: https://opendev.org/openstack/os-traits Download the package from: https://pypi.org/project/os-traits For more details, please see below. Changes in os-traits 2.6.0..2.7.0 --------------------------------- fce0902 Adds Pick guest CPU architecture based on host arch in libvirt driver support d81a6f2 Updating python testing classifier as per Yoga testing runtime e14a404 Add a trait for remote_managed port-capable nodes ff96dcc Change minversion of tox to 3.18.0 Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- os_traits/compute/__init__.py | 3 +++ os_traits/compute/arch.py | 25 ++++++++++++++++++++ os_traits/hw/arch.py | 53 +++++++++++++++++++++++++++++++++++++++++++ setup.cfg | 2 ++ tox.ini | 8 +++---- 6 files changed, 88 insertions(+), 5 deletions(-) From no-reply at openstack.org Wed Jan 26 11:46:42 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 11:46:42 -0000 Subject: [release-announce] python-manilaclient 3.0.1 (xena) Message-ID: We are psyched to announce the release of: python-manilaclient 3.0.1: Client library for OpenStack Manila API. This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/python-manilaclient Download the package from: https://pypi.org/project/python-manilaclient Please report issues through: https://bugs.launchpad.net/python-manilaclient/+bugs For more details, please see below. 3.0.1 ^^^^^ Bug Fixes * Launchpad bug 1953670 (https://bugs.launchpad.net/python- manilaclient/+bug/1953670) has been fixed by updating the attribute name for the share group type access repr to be share_group_type_id. Changes in python-manilaclient 3.0.0..3.0.1 ------------------------------------------- dfd9f83 Fix the id attr for share group type access repr 406ae1c [CI] Fix CI jobs 1af5987 Update TOX_CONSTRAINTS_FILE for stable/xena cb48090 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + manilaclient/v2/share_group_type_access.py | 2 +- ...-share-group-type-access-repr-008338a53d7a6a50.yaml | 5 +++++ tox.ini | 6 +++--- zuul.d/project.yaml | 5 ++--- 7 files changed, 28 insertions(+), 12 deletions(-) From no-reply at openstack.org Wed Jan 26 11:47:31 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 11:47:31 -0000 Subject: [release-announce] blazar 6.0.1 (victoria) Message-ID: We are gleeful to announce the release of: blazar 6.0.1: Reservation Service for OpenStack clouds This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/blazar Download the package from: https://tarballs.openstack.org/blazar/ Please report issues through: https://bugs.launchpad.net/blazar/+bugs For more details, please see below. 6.0.1 ^^^^^ Bug Fixes * Fixes database migrations with Alembic 1.5.0 or greater. For more details, see bug 1912502 (https://bugs.launchpad.net/blazar/+bug/1912502). Changes in blazar 6.0.0..6.0.1 ------------------------------ 6fc1d3c docs: Update Freenode to OFTC bfba274 Fix use of legacy Alembic API e0bd740 Remove lower-constraints job on stable branches 002024d Update TOX_CONSTRAINTS_FILE for stable/victoria 253d10a Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 1 - .../versions/2bcfe76b0474_change_tenant_to_project.py | 4 ++-- releasenotes/notes/alembic-fix-alter-column-42a87657992d1e78.yaml | 5 +++++ tox.ini | 4 ++-- 6 files changed, 11 insertions(+), 6 deletions(-) From no-reply at openstack.org Wed Jan 26 11:49:58 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 11:49:58 -0000 Subject: [release-announce] ironic-python-agent 6.4.4 (victoria) Message-ID: We are tickled pink to announce the release of: ironic-python-agent 6.4.4: Ironic Python Agent Ramdisk This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ironic-python-agent Download the package from: https://tarballs.openstack.org/ironic-python-agent/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/ironic- python-agent For more details, please see below. 6.4.4 ^^^^^ New Features ************ * Adds an configuration option which can be encoded into the ramdisk itself or the PXE parameters being provided to instruct the agent to ignore bootloader installation or configuration failures. This functionality is useful to work around well-intentioned hardware which is auto-populating all possible device into the UEFI nvram firmware in order to try and help ensure the machine boots. Except, this can also mean any explict configuration attempt will fail. Operators needing this bypass can use the "ipa-ignore-bootloader- failure" configuration option on the PXE command line or utilize the "ignore_bootloader_failure" option for the Ramdisk configuration. In a future version of ironic, this setting may be able to be overriden by ironic node level configuration. * Adds the capability into the agent to read and act upon bootloader CSV files which serve as authoritative indicators of what bootloader to load instead of leaning towards utilizing the default. Known Issues ************ * If multiple bootloader CSV files are present on the EFI filesystem, the first CSV file discovered will be utilized. The Ironic team considers multiple files to be a defect in the image being deployed. This may be changed in the future. Bug Fixes ********* * Setting the new "ipa-ignore-bootloader-failure" config option prevents errors due to bootloader installation failure generated by automatic bootloader entries configuration from multiple attached devices. * The system file system configuration file for Linux machines, the "/etc/fstab" file is now updated to include a reference to the EFI partition in the case of a partition image base deployment. Without this reference, images deployed using partition images could end up in situations where upgrading the bootloader could fail. * Fixes a minor issue with the regular expression used for UEFI duplicate entry cleanup which was introduced in a prior change to refactor the cleanup operation to avoid UEFI firmware which treats deletion of entries after addition as an invalid operation. * Fixes cases where duplicates may not be found in the UEFI firmware NVRAM boot entry table by explicitly looking for, and deleting for matching labels in advance of creating the EFI boot loader entry. * IPA now properly checks if the root partition is already mounted. See Story 2008631 (https://storyboard.openstack.org/#!/story/2008631) for details. * Fixes an error with UEFI based deployments where using a partition image a NVMe device was previously failing due to the different device name pattern. * Fixes an issue where partitions are not visible due to a incorrect call to have the partition table re-read. * Fixes an issue where partitions are not visible due to an incorrect call to have the partition table re-read during raid configuration creation. * Fixes an issue where the NTP time sync at the IPA startup via chronyd is not immediate (which can break time sensitive components such as the generation of a TLS certificate). * Fixes failures with disk image conversions which result in memory allocation or input/output errors due to memory limitations by limiting the number of available memory allocation pools to a non- dynamic reasonable number which should not exceed the available system memory. * The lshw package version B.02.19.2-5 on CentOS 8.4 and 8.5 contains a bug (https://bugzilla.redhat.com/show_bug.cgi?id=1955250) that prevents the size of individual memory banks from being reported, with the result that the total memory size would be reported as 0 in some places. The total memory size is now taken from lshw's total memory size output (which does not suffer from the same problem) when available. * No longer crashes if MAC address cannot be determined for one of the network interfaces. * Fixes an issue where metadata erasure cleaning fails for partitions because the read-only file isn't found, while it is available at the base device. Adds a check for the base device file on failure. See story 2008696 (https://storyboard.openstack.org/#!/story/2008696). * Fixes the agent's EFI boot handling such that EFI assets from a partition image are preserved and used instead of overridden. This should permit operators to use Secure Boot with partition images IF the assets are already present in the partition image. * Mirrors the previously disconnected EFI system partitions (ESPs) in UEFI software RAID setups. Disconnected ESPs can lead to nodes booting with outdated kernel parameters or the UEFI firmware not finding bootable kernels at all. * Fixes incorrect root partition UUID after streaming a raw partition image. * Fixes nodes failing after deployment completes due to issues in the Grub2 EFI loader entry addition where a "BOOT.CSV" file provides the authoritative pointer to the bootloader to be used for booting the OS. The base issue with Grub2 is that it would update the UEFI bootloader NVRAM entries with whatever is present in a vendor specific "BOOT.CSV" or "BOOTX64.CSV" file. In some cases, a baremetal machine *can* crash when this occurs. More information can be found at story 2008962 (https://storyboard.openstack.org/#!/story/2008962). * Adds a call to "udevadm settle" in write_image.sh. After GPT and MBR are destroyed systemd-udevd gets triggered which may hold /dev/sda open preventing qemu-img from writting its image. * Provides a more specific error message if a UEFI-incompatible image is used in the UEFI mode. * Increase memory usage limit for "qemu-img convert" command to 2 GiB. See Story 2008667 (https://storyboard.openstack.org/#!/story/2008667) for details. Changes in ironic-python-agent 6.4.3..6.4.4 ------------------------------------------- 0b292a1 Re-read the partition table with partx -a, part 2 06cf7f3 Re-read the partition table with partx -a 9525a11 Fix UEFI record regex 47ac40a Delete EFI boot entry duplicate labels first 750934a Output verbose info from efibootmgr 48ffbaa Force immediate NTP time sync with chronyd at IPA startup 97ce08d Fix getting memory size in some lshw output 2645240 Reduce logging verbosity when collecting logs 474d2a9 Utilize CSV file for EFI loader selection 350a67e Make _get_efi_bootloaders return relative paths ee81184 Limit qemu-img execution arenas 601b833 Fix NVMe Partition image on UEFI b307c34 Point ipa-builder to stable/wallaby 6e0d08c Software RAID: RAID the ESPs 37c39b1 Fix missing data in log messages bc13adf Add a call to "udevadm settle" in write_image.sh b3f489c Do not fail network interface collection on unsupported interface 92a7d7a Fix root UUID for streamed partition images 2076df9 Add fstab pointer to EFI partition 1a19f8b Prepare to use tinycore 12 99b9953 Check the base device if the read-only file cannot be read de1e751 Increase the memory limit for qemu-img d1a365e Fixes local boot for partition images 0ff5726 Fix error message with UEFI-incompatible images a820851 Mock tests to return bios boot mode 9961ed6 Prevent broken partition image UEFI deploys 07cf2c1 Option to enable bootloader config failure bypass Diffstat (except docs and test files) ------------------------------------- ironic_python_agent/config.py | 12 + ironic_python_agent/extensions/image.py | 682 +++++++--- ironic_python_agent/extensions/standby.py | 4 + ironic_python_agent/hardware.py | 49 +- ironic_python_agent/shell/write_image.sh | 14 +- ironic_python_agent/utils.py | 23 +- ...all-failure-to-be-ignored-b99667b13afa9759.yaml | 21 + ...nd-efi-partition-to-fstab-e9f945a4dd19bd7a.yaml | 8 + .../notes/correct-uefi-regex-112211c2427cd4d9.yaml | 7 + .../de-duplicate-by-label-baa090c5b1bff992.yaml | 6 + ...boot-for-partition-images-755f570dc0982868.yaml | 7 + ...-partition-image-handling-b8487133a188fd32.yaml | 6 + .../notes/fix-rescan-device-7b00c6836b687ce8.yaml | 5 + .../fix-rescan-device-raid-29aa1558b036b496.yaml | 7 + .../fix_chronyd_time_sync-626a14b66ca37677.yaml | 6 + ...mit-qemu-img-malloc-arena-025ed84115481eae.yaml | 7 + .../lshw-no-memory-bank-size-05ea71987362986e.yaml | 9 + releasenotes/notes/no-mac-54616606ee6b844d.yaml | 5 + ...eck_read_only_base_device-5bc15ac2f034aca9.yaml | 7 + ...serve-efi-folder-contents-ea1e278b3093ec55.yaml | 7 + .../software-raid-raid-ESPs-25a2aa117b99620a.yaml | 7 + .../notes/streaming-uuid-fdf136a7745fbb3d.yaml | 5 + ...t-bootloader-csv-file-use-c815b520c600cd98.yaml | 22 + .../notes/udevadm-settle-9d3e5f1f20211857.yaml | 7 + .../notes/uefi-images-38c8536db189ffc1.yaml | 5 + .../notes/up-qemuimg-mem-1536183a02b3a235.yaml | 7 + tox.ini | 6 +- zuul.d/ironic-python-agent-jobs.yaml | 7 +- zuul.d/project.yaml | 20 +- 33 files changed, 2212 insertions(+), 453 deletions(-) From no-reply at openstack.org Wed Jan 26 11:50:37 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 11:50:37 -0000 Subject: [release-announce] ironic-inspector 10.4.2 (victoria) Message-ID: We are overjoyed to announce the release of: ironic-inspector 10.4.2: Hardware introspection for OpenStack Bare Metal This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ironic-inspector Download the package from: https://tarballs.openstack.org/ironic-inspector/ Please report issues through: https://storyboard.openstack.org/#!/project/944 For more details, please see below. 10.4.2 ^^^^^^ Bug Fixes * Fixes an issue where a failed inspection due to a transient failure can prevent retry attempts to inspect to be perceived as a failure. If a prior inspection fails and is in "error" state, when a new introspection is requested, the state is now appropriately set to "starting". Changes in ironic-inspector 10.4.1..10.4.2 ------------------------------------------ e1d457d Ignored error state cache for new requests 7ebc8fa Point ipa-builder to stable/wallaby 995febc Use port.id instead of port.uuid 6a668c6 Fix port id vs uuid in ValidateInterfacesHook abe6eb4 Enable tempurls for Swift in grenade 6e29310 Fix node id vs uuid in processing_logger_prefix bbef83f Avoid a full install in tox environments that do not need it 965a4f5 Fix memcached host address. 52a6452 Remove lower-constraints job Diffstat (except docs and test files) ------------------------------------- devstack/plugin.sh | 2 +- ironic_inspector/node_cache.py | 8 +++++++- ironic_inspector/plugins/base_physnet.py | 2 +- ironic_inspector/plugins/local_link_connection.py | 2 +- ironic_inspector/plugins/standard.py | 2 +- ironic_inspector/test/unit/test_node_cache.py | 11 +++++++++++ .../unit/test_plugins_local_link_connection.py | 2 +- .../test/unit/test_plugins_physnet_cidr_map.py | 4 ++-- .../test/unit/test_plugins_standard.py | 2 +- ironic_inspector/test/unit/test_utils.py | 8 ++++---- ironic_inspector/utils.py | 2 +- .../fix-cache-error-on-start-27f492ba863d5f92.yaml | 7 +++++++ test-requirements.txt | 6 ------ tox.ini | 22 +++++++++++++++++++--- zuul.d/ironic-inspector-jobs.yaml | 8 ++++++-- zuul.d/project.yaml | 1 - 17 files changed, 69 insertions(+), 26 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index be6935d..46ecfaf 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -10,5 +9,0 @@ hacking>=3.0.1,<3.1.0 # Apache-2.0 -sphinx>=2.0.0,!=2.1.0 # BSD -sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD -sphinxcontrib-apidoc>=0.2.0 # BSD -openstackdocstheme>=2.2.0 # Apache-2.0 -os-api-ref>=1.4.0 # Apache-2.0 @@ -17 +11,0 @@ stestr>=1.0.0 # Apache-2.0 -reno>=3.1.0 # Apache-2.0 From no-reply at openstack.org Wed Jan 26 11:54:36 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 11:54:36 -0000 Subject: [release-announce] ironic 16.0.4 (victoria) Message-ID: We are delighted to announce the release of: ironic 16.0.4: OpenStack Bare Metal Provisioning This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://storyboard.openstack.org/#!/project/943 For more details, please see below. 16.0.4 ^^^^^^ Security Issues *************** * Fixes an issue with the "/v1/nodes/detail" endpoint where an authenticated user could explicitly ask for an "instance_uuid" lookup and the associated node would be returned to the user with sensitive fields redacted in the result payload if the user did not explicitly have "owner" or "lessee" permissions over the node. This is considered a low-impact low-risk issue as it requires the API consumer to already know the UUID value of the associated instance, and the returned information is mainly metadata in nature. More information can be found in Storyboard story 2008976 (https://storyboard.openstack.org/#!/story/2008976). Bug Fixes ********* * If the agent accepts a command, but is unable to reply to Ironic (which sporadically happens before of the eventlet's TLS implementation), we currently retry the request and fail because the command is already executing. Ironic now detects this situation by checking the list of executing commands after receiving a connection error. If the requested command is the last one, we assume that the command request succeeded. * Fixes fast-track to prevent marking the agent as alive if trying to rebuild a node before the fast-track timeout has expired. * Fixes potential cache coherency issues by caching the AgentClient per task, rather than globally. * Fixes the "[deploy]configdrive_use_object_store" option that was broken during the Python 3 transition. * Fixes an issue with the "/v1/nodes/detail" endpoint where requests for an explicit "instance_uuid" match would not follow the standard query handling path and thus not be filtered based on policy determined access level and node level "owner" or "lessee" fields appropriately. Additional information can be found in story 2008976 (https://storyboard.openstack.org/#!/story/2008976). * Fixes recognition of a busy agent to also handle recognition during deployment steps by more uniformly detecting and identifying when the "ironic-python-agent" service is busy. * Fixes the problem about grub2 config file. Some higher versions of grub2 (e.g. 2.05 or 2.06-rc1) use grub.cfg-01-MAC, while another lower versions of grub2 (e.g. 2.04) use MAC.conf, so we generate both paths in order to be compatible with both. * Fixes "idrac-wsman" management interface "set_boot_device" method that would fail deployment when there are existing jobs present with error "Failed to change power state to ''power on'' by ''rebooting''. Error: DRAC operation failed. Reason: Unfinished config jobs found: . Make sure they are completed before retrying.". Now there can be non-BIOS jobs present during deployment. This will still fail for cases when there are BIOS jobs present. In such cases should consider moving to "idrac- redfish" that does not have this limitation when setting boot device. * Fixed an issue where provisioning/cleaning would fail on IPv6 routed provider networks. See bug: 2009773 (https://storyboard.openstack.org/#!/story/2009773). * Fixes "idrac-wsman" BIOS "apply_configuration" and "factory_reset" clean and deploy steps to fail correctly in case of error when checking completed jobs. Before the fix when BIOS job failed, then node clean or deploy failed with timeout instead of actual error in cleaning or deploying step. * Fixes redfish firmware update for ilo5 based hardware by making necessary changes to check whether sushy_task.messages is present, since in case of iLo task data does not contain messages attribute. Also it was not calling prepare_ramdisk() before rebooting the system to update the firmware which has been fixed in this patch. * Fixes "idrac-wsman" power interface to wait for the hardware to reach the target state before returning. For systems where soft power off at the end of deployment to boot to instance failed and forced hard power off was used, this left node successfully deployed in off state without any errors. This broke other workflows expecting node to be on booted into OS at the end of deployment. Additional information can be found in story 2009204 (https://storyboard.openstack.org/#!/story/2009204). * Correctly wipes agent token on inspection start and abort. * Calculating the ipmitool *-N* and *-R* arguments from ironic.conf [ipmi] *command_retry_timeout* and *min_command_interval* now takes into account the 1 second interval increment that ipmitool adds on each retry event. Failure-path ipmitool run duration will now be just less than *command_retry_timeout* instead of much longer. * Adds handling of Redfish BMC's which lack a "BootSourceOverrideMode" flag, such that it is no longer a fatal error for a deployment if the BMC does not support this field. This most common on BMCs which feature only a partial implementation of the "ComputerSystem" resource "boot", but may also be observable on some older generations of BMCs which recieved updates to have partial Redfish support. * The "redfish-virtual-media" boot interface no longer passes validation for Dell nodes. The "idrac-redfish-virtual-media" boot interface must be used for these nodes instead. * The fix for story 2008252 (https://storyboard.openstack.org/#!/story/2008252) synced the boot mode after changing the boot device because Supermicro nodes reset the boot mode if not included in the boot device set. However this can cause a problem on Dell nodes when changing the mode uefi->bios or bios->uefi, see story 2008712 (https://storyboard.openstack.org/#!/story/2008712) for details. Restrict the syncing of the boot mode to Supermicro. * Retries virtual media insert on failure to allow for an eject that may not have finished. https://storyboard.openstack.org/#!/story/2008504 * Fixes a bug where a conductor could fail to complete a deployment if there was contention on a shared lock. This would manifest as an instance being stuck in the "deploying" state, though the node had in fact started or even completed its final boot. * When Ironic configures the BootSourceOverrideTarget setting via Redfish, on Supermicro BMCs it must always configure BootSourceOverrideEnabled or that will revert to default (Once) on the BMC, see story 2008547 (https://storyboard.openstack.org/#!/story/2008547) for details. This is different than what is currently implemented for other BMCs in which the BootSourceOverrideEnabled is not configured if it matches the current setting (see story 2007355 (https://storyboard.openstack.org/#!/story/2007355)). This requires that node.properties['vendor'] be 'supermicro' which will be set by Ironic from the Redfish system response or can be set manually. * Introduces lazy-loading of ports, portgroups, volume connections and volume targets in task manager to fix performance issues. For periodic tasks which create a task manager object but don't require the aforementioned data (e.g. power sync), this change should reduce the number of database interactions by around two thirds, speeding up overall execution. * Fixes an issue of powering off with the "idrac-wsman" management interface while the execution of a clear job queue cleaning step is proceeding. Prior to this fix, the clean step would fail when powering off a node. Changes in ironic 16.0.3..16.0.4 -------------------------------- 87f15ec6e Ensure 'port' is up2date after binding:host_id 259647c7c CI: Lower test VM memory by 400MB 969cfefee Fix idrac-wsman deploy with existing non-BIOS jobs 0df43f758 Fix idrac-wsman set_power_state to wait on HW 87dee0250 Use shim-signed on Ubuntu, shim is empty now 2df5dc42a Use openstack-tox for ironic-tox-unit-with-driver-libs d09a158cc Fix iPXE docs: snponly is not always available 0cb15a223 Cache AgentClient on Task, not globally 4ac6ad731 Update the clear job id's constant 755c75e2e Fix node detail instance_uuid request handling 0bc5265ec Refactor iDRAC OEM extension manager calls e2ede2607 Set IPA download branch to stable/victoria for victoria 05f864706 Update project conundrum related docs 3258e49a5 Delete unavailable py2 package 0df78f600 Point ipa-builder to stable/wallaby 678714261 Fix deployment when executing a command fails after the command starts e88436688 Inherit InvalidImageRef from InvalidParameterValue c9425f995 Wipe agent tokens on inspection start and abort 550c4e075 update grub2 file name b205a32ca Fix ipmitool timing argument calculation 6130dc15e Fix idrac-wsman BIOS step async error handling 4fd099345 Restrict syncing of boot mode to Supermicro 13fc01fe3 Allow unsupported redfish set_boot_mode c2647f101 Prepare to use tinycore 12 for tinyipa 4ed8ceef6 Lazy-load node details from the DB b2b862f53 [Trivial] Fix testing of volume connector exception 25a05cf35 Always retry locking when performing task handoff d1ffc6a55 Handle agent still doing the prior command 90da180a1 devstack: a safeguard for disabled tempurls a1f596590 Enable swift temporary URLs in grenade and provide a good error message dea33cbaf Fix broken configdrive_use_object_store 73a600afa Switch multinode jobs to 512M RAM 78924eca2 Move the IPv6 job to the experimental pipeline cbccfa2a9 Don't mark an agent as alive if rebooted 46b34a73b Prevent redfish-virtual-media from being used with Dell nodes 80017a1d3 Fixes issue of redfish firmware update 7d74ea0ee For Supermicro BMCs set enable when changing boot device 1e8e54041 Refactor vendor detection and add Redfish implementation 0e4e00e82 Add a delay/retry is vmedia insert fails 26e8b9b01 [stable] Remove lower-constraints job Diffstat (except docs and test files) ------------------------------------- bindep.txt | 2 +- devstack/lib/ironic | 16 +- .../include/configure-ironic-api-mod_wsgi.inc | 10 +- .../install/include/configure-ironic-api.inc | 2 +- ironic/api/controllers/v1/node.py | 99 ++++++------- ironic/common/exception.py | 7 +- ironic/common/neutron.py | 3 +- ironic/common/pxe_utils.py | 14 +- ironic/common/swift.py | 7 +- ironic/conductor/cleaning.py | 11 ++ ironic/conductor/deployments.py | 13 +- ironic/conductor/manager.py | 18 ++- ironic/conductor/task_manager.py | 85 +++++++++-- ironic/conductor/utils.py | 38 +++++ ironic/db/sqlalchemy/api.py | 2 +- ironic/drivers/modules/agent.py | 14 +- ironic/drivers/modules/agent_base.py | 41 +++--- ironic/drivers/modules/agent_client.py | 144 +++++++++++++++--- ironic/drivers/modules/ansible/deploy.py | 6 +- ironic/drivers/modules/drac/bios.py | 20 ++- ironic/drivers/modules/drac/boot.py | 70 ++------- ironic/drivers/modules/drac/management.py | 4 +- ironic/drivers/modules/drac/power.py | 45 +++--- ironic/drivers/modules/drac/utils.py | 121 +++++++++++++++ ironic/drivers/modules/ipmitool.py | 87 +++++------ ironic/drivers/modules/iscsi_deploy.py | 4 +- ironic/drivers/modules/redfish/boot.py | 36 ++++- ironic/drivers/modules/redfish/management.py | 63 +++++++- .../unit/drivers/modules/drac/test_management.py | 13 +- .../unit/drivers/modules/irmc/test_inspect.py | 17 --- .../unit/drivers/modules/redfish/test_boot.py | 80 ++++++++++ .../drivers/modules/redfish/test_management.py | 95 +++++++++++- .../unit/drivers/modules/test_agent_client.py | 162 +++++++++++++++++++++ .../unit/drivers/modules/test_iscsi_deploy.py | 3 +- .../notes/agent-last-command-4ec6967c995ba84a.yaml | 9 ++ .../notes/agent-rebooted-fab20d012fe6cbe8.yaml | 6 + ...ache-agentclient-per-task-ec2231684e6876d9.yaml | 5 + ...figdrive_use_object_store-93cfd7dc27d90003.yaml | 5 + ...ed-instance-info-behavior-1375914a30621eca.yaml | 20 +++ .../fix-busy-agent-check-3cf75242b4783009.yaml | 6 + ...ix-grub2-config-file-name-88e689a982a21684.yaml | 7 + ...th-existing-non-bios-jobs-78aa2195d0c3016f.yaml | 12 ++ ...g-routed-provider-network-bbd0c46559f618ac.yaml | 6 + ...async-step-error-handling-80cd30c54c71c595.yaml | 8 + ...ish-firmware-update-issue-c6dfcd71a2f659a5.yaml | 9 ++ ...sman-set-power-state-wait-cd8f9ff41b19c7a7.yaml | 10 ++ .../notes/inspection-token-b3d9e8e34341d680.yaml | 4 + ...pmi_command_retry_timeout-889a49b402e82b97.yaml | 9 ++ ...ride-not-present-handling-92e7263617e467c4.yaml | 9 ++ .../redfish-vmedia-vendor-fc76086893d99415.yaml | 6 + ...fter-device-to-supermicro-218e8cb57735c685.yaml | 11 ++ .../notes/retry-vmedia-1999742c84f11103.yaml | 6 + ...fix-stuck-deploying-state-43d51149a02c08b8.yaml | 7 + ...-redfish-override-enabled-aa51686ed33d3061.yaml | 15 ++ .../taskmanager-lazy-load-32a14526c647c2f0.yaml | 9 ++ ...clear-job-id-constant-fix-c69cf96c55364bb3.yaml | 7 + zuul.d/ironic-jobs.yaml | 34 +++-- zuul.d/project.yaml | 6 +- 85 files changed, 2001 insertions(+), 591 deletions(-) From no-reply at openstack.org Wed Jan 26 11:56:32 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 11:56:32 -0000 Subject: [release-announce] monasca-agent 4.0.1 (victoria) Message-ID: We are satisfied to announce the release of: monasca-agent 4.0.1: Monitoring agent for gathering metrics and sending them to the Monasca API. This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/monasca-agent Download the package from: https://tarballs.openstack.org/monasca-agent/ Please report issues through: https://bugs.launchpad.net/monasca/+bugs For more details, please see below. Changes in monasca-agent 4.0.0..4.0.1 ------------------------------------- 91db19f Fix Monasca-Setup Keystone detection 4fb0ae6 Fix PY3 issue 574a067 Fix Docker builds a2d412f Set 'libvirt_type' and 'libvirt_uri' options in the 'libvirt' plugin to be defined in conf.d/libvirt.yaml 1aa5a17 Fix small issue in dokcer plugin. e340d36 Remove incorrect plugins configuration for docker image. 9db15dd Fix zuul publish docker image job 8be2a8d Update TOX_CONSTRAINTS_FILE for stable/victoria 73d8b18 Update .gitreview for stable/victoria c0b8ad5 Adding python3-libvirt for Ubuntu-focal Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + bindep.txt | 3 +- conf.d/libvirt.yaml.example | 5 +++ monasca_agent/collector/checks_d/docker.py | 2 +- monasca_agent/collector/checks_d/mysql.py | 6 ++- monasca_agent/collector/virt/libvirt/inspector.py | 47 +++++++++++++++-------- monasca_setup/detection/plugins/keystone.py | 5 ++- playbooks/docker-publish.yml | 6 +-- tox.ini | 2 +- 18 files changed, 58 insertions(+), 54 deletions(-) From no-reply at openstack.org Wed Jan 26 12:04:08 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 12:04:08 -0000 Subject: [release-announce] horizon 18.6.3 (victoria) Message-ID: We are stoked to announce the release of: horizon 18.6.3: OpenStack Dashboard This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/horizon Download the package from: https://tarballs.openstack.org/horizon/ Please report issues through: https://bugs.launchpad.net/horizon/+bugs For more details, please see below. Changes in horizon 18.6.2..18.6.3 --------------------------------- c82c41a46 Imported Translations from Zanata aa9e33fe1 Imported Translations from Zanata 2d7b3e9dc Escape unicode characters when setting logout_reason cookie e96945376 Dropping lower constraints testing from stable branches a7b4da125 Add horizontal scrollbar to role dropdown ad30888c0 Handle an attached volume without volume_image_metadata 78ba522c7 Fix Unable to use multiattach volume as boot for new server 0d14e7dd1 Change with_data=False for swift_get_container 146beeda5 Imported Translations from Zanata f9da495c5 Imported Translations from Zanata 7f230afdb Imported Translations from Zanata e1bfc5239 Imported Translations from Zanata 3daa963fa doc: Update our IRC server to OFTC f0f429543 Imported Translations from Zanata c63e4c91a Fix community image handling in launch instance form 00d24d7ca Don't load user role assignment or groups tabs for non-admins 8e69282bf Save instace_id inside Associate Floating IP workflow 06902eb31 Fix Material theme to work with any combination of pyScss and MDI icons 23a21efb7 Imported Translations from Zanata 862c37cf1 On the create instance from, when the image name is empty, show id 77df0abd6 Imported Translations from Zanata Diffstat (except docs and test files) ------------------------------------- .zuul.d/project.yaml | 1 - .../locale/en_GB/LC_MESSAGES/doc-contributor.po | 11 +- .../locale/id/LC_MESSAGES/doc-contributor.po | 7 +- horizon/locale/es/LC_MESSAGES/django.po | 9 +- horizon/locale/es/LC_MESSAGES/djangojs.po | 9 +- horizon/templates/auth/_login_form.html | 6 +- horizon/templates/auth/_password_form.html | 6 +- horizon/utils/functions.py | 2 +- lower-constraints.txt | 156 --- openstack_auth/locale/es/LC_MESSAGES/django.po | 10 +- openstack_auth/locale/ru/LC_MESSAGES/django.po | 12 +- openstack_auth/locale/zh_CN/LC_MESSAGES/django.po | 10 +- openstack_auth/views.py | 18 +- openstack_dashboard/api/microversions.py | 4 +- openstack_dashboard/api/nova.py | 3 +- openstack_dashboard/api/swift.py | 2 +- .../dashboards/identity/users/tabs.py | 8 + .../dashboards/project/floating_ips/workflows.py | 26 +- .../dashboards/project/instances/tabs.py | 13 +- .../launch-instance-model.service.js | 28 +- .../launch-instance-model.service.spec.js | 67 +- .../launch-instance/source/source.controller.js | 2 +- .../locale/es/LC_MESSAGES/django.po | 1262 +++++++++++++++++++- .../locale/es/LC_MESSAGES/djangojs.po | 668 +++++++++-- .../locale/zh_CN/LC_MESSAGES/django.po | 157 ++- .../locale/zh_CN/LC_MESSAGES/djangojs.po | 13 +- .../dashboard/scss/components/_membership.scss | 2 + .../pages/project/network/floatingipspage.py | 6 +- openstack_dashboard/test/unit/api/test_nova.py | 2 +- openstack_dashboard/test/unit/api/test_swift.py | 3 +- .../themes/material/static/horizon/_icons.scss | 3 + .../static/horizon/components/_checkboxes.scss | 2 + .../horizon/components/_context_selection.scss | 6 +- .../static/horizon/components/_datepicker.scss | 4 + .../static/horizon/components/_navbar.scss | 6 +- .../static/horizon/components/_radiobuttons.scss | 2 + .../static/horizon/components/_spinners.scss | 6 + tox.ini | 6 - 42 files changed, 2203 insertions(+), 391 deletions(-) From no-reply at openstack.org Wed Jan 26 12:32:46 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 12:32:46 -0000 Subject: [release-announce] python-manilaclient 2.6.2 (wallaby) Message-ID: We are thrilled to announce the release of: python-manilaclient 2.6.2: Client library for OpenStack Manila API. This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/python-manilaclient Download the package from: https://pypi.org/project/python-manilaclient Please report issues through: https://bugs.launchpad.net/python-manilaclient/+bugs For more details, please see below. 2.6.2 ^^^^^ Bug Fixes * Launchpad bug 1953670 (https://bugs.launchpad.net/python- manilaclient/+bug/1953670) has been fixed by updating the attribute name for the share group type access repr to be share_group_type_id. Changes in python-manilaclient 2.6.1..2.6.2 ------------------------------------------- a9d1193 Fix the id attr for share group type access repr 1412265 [CI] Fix CI jobs Diffstat (except docs and test files) ------------------------------------- manilaclient/v2/share_group_type_access.py | 2 +- ...ix-id-attr-for-share-group-type-access-repr-008338a53d7a6a50.yaml | 5 +++++ zuul.d/project.yaml | 5 ++--- 4 files changed, 10 insertions(+), 5 deletions(-) From no-reply at openstack.org Wed Jan 26 17:07:00 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 17:07:00 -0000 Subject: [release-announce] oslo.limit 1.5.0 (yoga) Message-ID: We are amped to announce the release of: oslo.limit 1.5.0: Limit enforcement library to assist with quota calculation. This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/oslo.limit Download the package from: https://pypi.org/project/oslo.limit Please report issues through: https://bugs.launchpad.net/oslo.limit/+bugs For more details, please see below. 1.5.0 ^^^^^ New Features * "Enforcer" objects now cache limits by default for the lifetime of the object to provide improved performance when multiple calls of "enforce()" are needed. This behavior is controlled by the boolean "cache" keyword argument to the "__init__" method. Changes in oslo.limit 1.4.0..1.5.0 ---------------------------------- bf9deb1 Add interfaces for getting limits without enforcing 7e4f36a Allow project_id=None for enforce/calculate a49f3a0 Make calculate_usage() work if limits are missing 43683f5 Add caching of limits in Enforcer ea5ff2d Add auth plugin options to options list 489feb5 Add Python3 yoga unit tests e60489f Update master for stable/xena a7d8f41 setup.cfg: Replace dashes with underscores a625860 Changed minversion in tox to 3.18.0 Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- oslo_limit/fixture.py | 2 +- oslo_limit/limit.py | 127 +++++++++---- oslo_limit/opts.py | 3 + .../enforcer-limit-caching-fb59725aad88b039.yaml | 7 + releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 + setup.cfg | 8 +- tox.ini | 6 +- 11 files changed, 309 insertions(+), 69 deletions(-) From no-reply at openstack.org Wed Jan 26 17:09:33 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 17:09:33 -0000 Subject: [release-announce] ironic-python-agent 8.2.1 (xena) Message-ID: We are pumped to announce the release of: ironic-python-agent 8.2.1: Ironic Python Agent Ramdisk This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/ironic-python-agent Download the package from: https://tarballs.openstack.org/ironic-python-agent/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/ironic- python-agent For more details, please see below. 8.2.1 ^^^^^ Bug Fixes * No longer ignores global TLS configuration options ("ipa- insecure", etc) when downloading a configdrive via a URL. * No longer ignores error status codes from the server when downloading a configdrive via a URL. * The configdrive downloading code now respects the "ipa-image- download-connection-timeout" option and will no longer hang for a long time if the server does not respond. * Fixes a minor issue with the regular expression used for UEFI duplicate entry cleanup which was introduced in a prior change to refactor the cleanup operation to avoid UEFI firmware which treats deletion of entries after addition as an invalid operation. * Fixes cases where duplicates may not be found in the UEFI firmware NVRAM boot entry table by explicitly looking for, and deleting for matching labels in advance of creating the EFI boot loader entry. * Fixes a race on software RAID creation: since the creation of partitions is asynchronous, we need to wait for all udev events to be processed before we can use the partitions to create an md device. * Fixes an issue where partitions are not visible due to a incorrect call to have the partition table re-read. * Fixes an issue where partitions are not visible due to an incorrect call to have the partition table re-read during raid configuration creation. * Fixes an issue when the EFI partition UUID is not set and an attempt to edit /etc/fstab is made. * The configured log file and/or log directory is now always explicitly included in the ramdisk logs. Changes in ironic-python-agent 8.2.0..8.2.1 ------------------------------------------- ede0847 Re-read the partition table with partx -a, part 2 8c88a40 Re-read the partition table with partx -a e10f052 Fix UEFI record regex 48fe889 Always include the oslo_log log file in ramdisk logs 33b3970 Delete EFI boot entry duplicate labels first f9ed56e Fix error messages in burnin code 442fc43 Respect global parameters when downloading a configdrive 5898a93 Assert EFI part UUID is not None before editing fstab a0c55b9 Software RAID: Call udev_settle before creation c28c333 Update TOX_CONSTRAINTS_FILE for stable/xena 67676e3 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + ironic_python_agent/burnin.py | 14 +-- ironic_python_agent/extensions/image.py | 38 ++++--- ironic_python_agent/hardware.py | 9 +- ironic_python_agent/partition_utils.py | 20 +++- ironic_python_agent/utils.py | 8 ++ .../notes/configdrive-ssl-02b069948dfef814.yaml | 12 ++ .../notes/correct-uefi-regex-112211c2427cd4d9.yaml | 7 ++ .../de-duplicate-by-label-baa090c5b1bff992.yaml | 6 + ...x-nvme-software-raid-race-2e0e104de9611228.yaml | 7 ++ .../notes/fix-rescan-device-7b00c6836b687ce8.yaml | 5 + .../fix-rescan-device-raid-29aa1558b036b496.yaml | 7 ++ .../notes/fix_efi_uuid_fstab-f2edbee9bfbac64a.yaml | 6 + releasenotes/notes/log-file-7aaaf31693ddc617.yaml | 5 + tox.ini | 8 +- 21 files changed, 382 insertions(+), 105 deletions(-) From no-reply at openstack.org Wed Jan 26 17:11:55 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Wed, 26 Jan 2022 17:11:55 -0000 Subject: [release-announce] horizon 21.0.0 (yoga) Message-ID: We are pumped to announce the release of: horizon 21.0.0: OpenStack Dashboard This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/horizon Download the package from: https://tarballs.openstack.org/horizon/ Please report issues through: https://bugs.launchpad.net/horizon/+bugs For more details, please see below. 21.0.0 ^^^^^^ New Features ************ * A new entry has been added to the context switcher menu, visible only when the current user has access to the system scope. This entry, labeled "system scope", allows to switch to a system-scope token, so that operations that require this kind of token can be performed. * [:bug:`1907843`] RBAC shared security groups can now be shown in the Security Groups page. Previously only the security groups owned by the login tenant can be displayed and used. Besides, a column for the shared field is added to the Security Groups table. Upgrade Notes ************* * The Django version of the launch instance form was dropped. It was deprecated since Wallaby release. "LAUNCH_INSTANCE_LEGACY_ENABLED" and "LAUNCH_INSTANCE_NG_ENABLED" setting were dropped as horizon uses angular version of launch instance by default. * Django 2.2 support was dropped. Django 2.2 ends its extended support in April 2022. Considering this horizon dropped Django 2.2 support and uses Django 3.2 as default. Bug Fixes ********* * [:bug:`1874705`] Add a new variable WEBSSO_USE_HTTP_REFERER to facilitate WEBSSO deployments where network segmentation is used per security requirement. In this case, the controllers cannot reach other services external endpoints. Therefore, using the HTTP_REFERER to derive the Keystone endpoint in the websso view will return a timeout for requests to Keystone in cases where the external Keystone endpoint is the HTTP_REFERER. WEBSSO_USE_HTTP_REFERER defaults to True to keep inline with current functionality. When set to False the OPENSTACK_KEYSTONE_URL is used instead of the HTTP_REFERER. If OPENSTACK_KEYSTONE_URL is set to the internal Keystone endpoint the requests between Horizon and Keystone should be able to connect. Changes in horizon 20.2.0..21.0.0 --------------------------------- 6ac31e0ba Drop Django based implementation of launch instance 83f864f49 Fix hardcoded link error in sphinx 4.4.0 33292ca0a Use OPENSTACK_KEYSTONE_URL instead of HTTP_REFERRER b8cc0043d Fix maximum recursion depth error when generating documentation 8918bf751 Drop Django 2.2 support 7249e7c1d Updating python testing as per Yoga testing runtime 062150f45 Include the images name on the image detail page 34a0159d1 Add system scope support to context switcher f9bab3fe1 Create Keystone admin endpoint for horizon integartion job c7ea66bc3 Support RBAC security groups in dashboard 93b18ce57 Retrieve volume groups after filtering by project e53c4d8ca Fix the instances pagination integration tests Diffstat (except docs and test files) ------------------------------------- .zuul.d/cross-jobs.yaml | 4 +- .zuul.d/django-jobs.yaml | 16 +- .zuul.d/tempest-and-integrated.yaml | 5 + horizon/tables/actions.py | 5 +- lower-constraints.txt | 2 +- openstack_auth/defaults.py | 6 + openstack_auth/plugin/base.py | 25 + openstack_auth/urls.py | 3 + openstack_auth/user.py | 26 +- openstack_auth/utils.py | 28 +- openstack_auth/views.py | 57 +- openstack_dashboard/api/neutron.py | 19 + .../dashboards/admin/volumes/views.py | 2 + .../dashboards/project/images/images/tables.py | 6 +- .../dashboards/project/instances/tables.py | 23 +- .../instances/_launch_customize_help.html | 3 - .../dashboards/project/instances/urls.py | 1 - .../dashboards/project/instances/views.py | 21 - .../project/instances/workflows/__init__.py | 3 - .../project/instances/workflows/create_instance.py | 959 -------- .../project/instances/workflows/resize_instance.py | 51 +- .../templates/network_topology/_actions_list.html | 36 +- .../templates/network_topology/index.html | 5 - .../dashboards/project/network_topology/urls.py | 2 - .../dashboards/project/network_topology/utils.py | 12 +- .../dashboards/project/network_topology/views.py | 10 - .../dashboards/project/security_groups/tables.py | 14 + .../dashboards/project/snapshots/tables.py | 7 +- .../dashboards/project/volumes/tables.py | 7 +- openstack_dashboard/defaults.py | 14 - .../management/commands/upgrade_check.py | 13 - .../static/app/core/images/details/overview.html | 2 +- .../templates/context_selection/_overview.html | 7 + .../templates/context_selection/_system_list.html | 13 + .../templates/header/_context_selection.html | 8 + .../templatetags/context_selection.py | 24 + openstack_dashboard/test/helpers.py | 28 +- .../pages/project/volumes/volumespage.py | 3 +- openstack_dashboard/test/test_data/neutron_data.py | 19 +- openstack_dashboard/test/unit/api/test_neutron.py | 45 +- .../bp-system-scope-switch-c610c028bd5de706.yaml | 7 + ...ango-launch-instance-form-c6543e1d52786b79.yaml | 9 + .../drop-django22-support-d0e2dea1509228a2.yaml | 6 + ...ort-shared-security-group-cb3dafba46dbff8b.yaml | 7 + ...t-websso_use_http_referer-6fb2dc0d292b54d4.yaml | 15 + requirements.txt | 2 +- setup.cfg | 1 + tox.ini | 2 +- 68 files changed, 875 insertions(+), 3483 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index b04b6011d..151359316 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15 +15 @@ debtcollector>=1.2.0 # Apache-2.0 -Django>=2.2,<3.3 # BSD +Django>=3.2,<3.3 # BSD From no-reply at openstack.org Thu Jan 27 10:23:01 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 27 Jan 2022 10:23:01 -0000 Subject: [release-announce] python-manilaclient 2.3.1 (victoria) Message-ID: We are ecstatic to announce the release of: python-manilaclient 2.3.1: Client library for OpenStack Manila API. This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/python-manilaclient Download the package from: https://pypi.org/project/python-manilaclient Please report issues through: https://bugs.launchpad.net/python-manilaclient/+bugs For more details, please see below. 2.3.1 ^^^^^ Bug Fixes * Launchpad bug 1953670 (https://bugs.launchpad.net/python- manilaclient/+bug/1953670) has been fixed by updating the attribute name for the share group type access repr to be share_group_type_id. Changes in python-manilaclient 2.3.0..2.3.1 ------------------------------------------- ab673a2 Fix the id attr for share group type access repr 3feef0c [CI] Fix CI jobs d1c3a53 Update TOX_CONSTRAINTS_FILE for stable/victoria 394ce6c Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + manilaclient/v2/share_group_type_access.py | 2 +- ...x-id-attr-for-share-group-type-access-repr-008338a53d7a6a50.yaml | 5 +++++ tox.ini | 6 +++--- zuul.d/project.yaml | 5 ++--- 6 files changed, 14 insertions(+), 8 deletions(-) From no-reply at openstack.org Thu Jan 27 10:25:07 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 27 Jan 2022 10:25:07 -0000 Subject: [release-announce] vitrage 8.0.0 (yoga) Message-ID: We are happy to announce the release of: vitrage 8.0.0: The OpenStack RCA Service This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/vitrage Download the package from: https://tarballs.openstack.org/vitrage/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/vitrage For more details, please see below. Changes in vitrage 7.5.0..8.0.0 ------------------------------- a0ee94a6 remove cielometer client, not used any more 3547663c Updating python testing classifier as per Yoga testing runtime 95b33dbf Add Python3 yoga unit tests 612bb9b2 Update master for stable/xena 6a2374a6 Changed minversion in tox to 3.18.0 7630444d update install doc Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 ++++++ setup.cfg | 2 +- tox.ini | 4 ++-- 7 files changed, 14 insertions(+), 5 deletions(-) From no-reply at openstack.org Thu Jan 27 10:32:28 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 27 Jan 2022 10:32:28 -0000 Subject: [release-announce] vitrage-dashboard 3.5.0 (yoga) Message-ID: We eagerly announce the release of: vitrage-dashboard 3.5.0: Vitrage Horizon plugin This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/vitrage-dashboard Download the package from: https://tarballs.openstack.org/vitrage-dashboard/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/vitrage- dashboard For more details, please see below. Changes in vitrage-dashboard 3.4.0..3.5.0 ----------------------------------------- 5b77f07 Updating python testing classifier as per Yoga testing runtime 36c9dbe Add Python3 yoga unit tests 85d0927 Update master for stable/xena 33e8992 Replace tox's whitelist_externals by allowlist_externals option Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 ++++++ setup.cfg | 1 + tox.ini | 4 ++-- 5 files changed, 11 insertions(+), 3 deletions(-) From no-reply at openstack.org Thu Jan 27 13:58:13 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Thu, 27 Jan 2022 13:58:13 -0000 Subject: [release-announce] bifrost 11.2.1 (xena) Message-ID: We are tickled pink to announce the release of: bifrost 11.2.1: Deployment of physical machines using OpenStack Ironic and Ansible This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/bifrost Download the package from: https://tarballs.openstack.org/bifrost/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/bifrost For more details, please see below. 11.2.1 ^^^^^^ Bug Fixes * Fixed an outdated grub and shim efi binaries path for Red Hat to to be under "EFI/redhat". * Fixes the iptables rule for PXE on systems not using firewalld (use port UDP/67 and UDP/69 instead of TCP/68 and TCP/69). Changes in bifrost 11.2.0..11.2.1 --------------------------------- b00da7d5 Fix incompatibility with recent rich library 109ac6c1 Catch all exceptions from pbr when importing the root package 7f7e521b Fix RedHat required defaults 9abd16fb Fix the DHCP port in iptables (68 vs 67 and TCP vs UDP) d21a2460 Change git_branch in stable/xena dfc1945f Update TOX_CONSTRAINTS_FILE for stable/xena 64788645 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + bifrost/__init__.py | 4 ++-- playbooks/roles/bifrost-create-vm-nodes/defaults/main.yml | 2 +- playbooks/roles/bifrost-ironic-install/defaults/main.yml | 4 ++-- .../defaults/required_defaults_RedHat.yml | 4 ++-- .../roles/bifrost-ironic-install/tasks/bootstrap.yml | 15 +++++++++++++-- playbooks/roles/bifrost-prep-for-install/README.md | 2 +- .../roles/bifrost-prep-for-install/defaults/main.yml | 2 +- .../rhel_grub_efi_binaries_path-9b243b00bacef7a6.yaml | 5 +++++ releasenotes/notes/ubuntu-ports-6e6c2fef3dc7bccb.yaml | 5 +++++ tox.ini | 8 ++++---- 11 files changed, 37 insertions(+), 15 deletions(-) From no-reply at openstack.org Mon Jan 31 08:34:32 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 08:34:32 -0000 Subject: [release-announce] ovsdbapp 1.6.1 (victoria) Message-ID: We eagerly announce the release of: ovsdbapp 1.6.1: A library for creating OVSDB applications This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ovsdbapp Download the package from: https://tarballs.openstack.org/ovsdbapp/ Please report issues through: https://bugs.launchpad.net/ovsdbapp/+bugs For more details, please see below. Changes in ovsdbapp 1.6.0..1.6.1 -------------------------------- 8c3896a Actually close the connection in Connection.stop() c2617f9 Don't spam retries 100s of times a second d75a4df Add an active wait in the "Backend.lookup" d7cc1b2 Fix docs job e6bd200 Dropping lower constraints testing (stable Victoria) 4807809 Don't give up when an Exception happens in idl.run Diffstat (except docs and test files) ------------------------------------- lower-constraints.txt | 47 ---------------- ovsdbapp/backend/ovs_idl/__init__.py | 48 ++++++++++++++++- ovsdbapp/backend/ovs_idl/connection.py | 29 ++++++---- ovsdbapp/backend/ovs_idl/transaction.py | 10 +++- .../functional/backend/ovs_idl/test_backend.py | 63 ++++++++++++++++++++++ tox.ini | 7 +-- zuul.d/project.yaml | 1 - 7 files changed, 138 insertions(+), 67 deletions(-) From no-reply at openstack.org Mon Jan 31 08:46:36 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 08:46:36 -0000 Subject: [release-announce] os-ken 1.2.1 (victoria) Message-ID: We are pumped to announce the release of: os-ken 1.2.1: A component-based software defined networking framework for OpenStack. This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/os-ken Download the package from: https://pypi.org/project/os-ken Please report issues through: https://storyboard.openstack.org/#!/project/openstack/os-ken For more details, please see below. Changes in os-ken 1.2.0..1.2.1 ------------------------------ 5e9a961c Avoid missing key 'password' for neighbor_add e6f2c0d1 Avoid logging MD5 password for BGP add neighbor c58c8019 Add requirements.txt to tox environment 49976897 Update TOX_CONSTRAINTS_FILE for stable/victoria df38cf4a Update .gitreview for stable/victoria b17f6fcb Fix lower-constraints and pep8 for Focal Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 5 +- lower-constraints.txt | 146 ------------------------------ os_ken/lib/packet/cfm.py | 2 +- os_ken/services/protocols/bgp/api/base.py | 8 +- requirements.txt | 2 +- test-requirements.txt | 2 +- tox.ini | 17 ++-- 9 files changed, 24 insertions(+), 160 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 35763f29..9caccef8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9 +9 @@ netaddr>=0.7.18 # BSD -oslo.config>=2.5.0 +oslo.config>=5.1.0 diff --git a/test-requirements.txt b/test-requirements.txt index f9cdda91..f429a7f2 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5 +5 @@ -hacking>=0.12.0,<0.13 # Apache-2.0 +hacking>=3.2.0,<3.3.0 # Apache-2.0 From no-reply at openstack.org Mon Jan 31 09:47:39 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 09:47:39 -0000 Subject: [release-announce] oslo.service 2.6.1 (xena) Message-ID: We exuberantly announce the release of: oslo.service 2.6.1: oslo.service library This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/oslo.service Download the package from: https://pypi.org/project/oslo.service Please report issues through: https://bugs.launchpad.net/oslo.service/+bugs For more details, please see below. 2.6.1 ^^^^^ New Features * A new config options, "[DEFAULT] wsgi_server_debug", has been added. This allows admins to configure whether the server should send exception tracebacks to the clients on HTTP 500 errors. This defaults to "False", preserving previous behavior. Changes in oslo.service 2.6.0..2.6.1 ------------------------------------ 13ee22c Make debug option of wsgi server configurable 7be76c2 Update TOX_CONSTRAINTS_FILE for stable/xena 48881c4 Update .gitreview for stable/xena Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + oslo_service/_options.py | 5 +++++ oslo_service/wsgi.py | 2 +- releasenotes/notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml | 7 +++++++ tox.ini | 4 ++-- 5 files changed, 16 insertions(+), 3 deletions(-) From no-reply at openstack.org Mon Jan 31 09:53:29 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 09:53:29 -0000 Subject: [release-announce] oslo.service 2.5.1 (wallaby) Message-ID: We enthusiastically announce the release of: oslo.service 2.5.1: oslo.service library This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/oslo.service Download the package from: https://pypi.org/project/oslo.service Please report issues through: https://bugs.launchpad.net/oslo.service/+bugs For more details, please see below. 2.5.1 ^^^^^ New Features * A new config options, "[DEFAULT] wsgi_server_debug", has been added. This allows admins to configure whether the server should send exception tracebacks to the clients on HTTP 500 errors. This defaults to "False", preserving previous behavior. Changes in oslo.service 2.5.0..2.5.1 ------------------------------------ c1e3398 Make debug option of wsgi server configurable 36f5e36 Update TOX_CONSTRAINTS_FILE for stable/wallaby d26fc6f Update .gitreview for stable/wallaby 20e089f Move flake8 as a pre-commit local target. Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .pre-commit-config.yaml | 10 +++++++--- oslo_service/_options.py | 5 +++++ oslo_service/wsgi.py | 2 +- .../notes/add-wsgi_server_debug-opt-70d818b5b78bfc7c.yaml | 7 +++++++ tox.ini | 4 ++-- 6 files changed, 23 insertions(+), 6 deletions(-) From no-reply at openstack.org Mon Jan 31 11:04:40 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 11:04:40 -0000 Subject: [release-announce] kuryr-lib 2.1.1 (victoria) Message-ID: We are pleased to announce the release of: kuryr-lib 2.1.1: Kuryr shared config and utilities This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/kuryr-lib Download the package from: https://tarballs.openstack.org/kuryr/ For more details, please see below. Changes in kuryr-lib 2.1.0..2.1.1 --------------------------------- 0af5226 Remove run_as_root which fails without root_helper e43bf23 Remove the unused coding style modules 4081dfd Fix pep8 and lower-constraints gates a338724 Update TOX_CONSTRAINTS_FILE for stable/victoria 35eafe2 Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + kuryr/cmd/status.py | 1 + kuryr/lib/binding/drivers/hw_veb.py | 1 - kuryr/lib/binding/drivers/veth.py | 5 ++--- kuryr/lib/opts.py | 7 ++++--- lower-constraints.txt | 9 ++------- requirements.txt | 2 +- test-requirements.txt | 2 +- tox.ini | 2 +- 11 files changed, 16 insertions(+), 22 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index e7df952..205b94f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14 +14 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0 -pyroute2>=0.4.21;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2) +pyroute2>=0.5.6;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2) diff --git a/test-requirements.txt b/test-requirements.txt index c5ea2e5..c899d1c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8 +8 @@ ddt>=1.0.1 # MIT -hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0 +hacking>=3.0.1,<3.1.0 # Apache-2.0 From no-reply at openstack.org Mon Jan 31 14:36:56 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 14:36:56 -0000 Subject: [release-announce] openstack-ansible 24.0.1 (xena) Message-ID: We are pumped to announce the release of: openstack-ansible 24.0.1: Ansible playbooks for deploying OpenStack This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. 24.0.1 ^^^^^^ Known Issues * In the Xena release, TLS for VNC is enabled by default, for existing deployments this will prevent console access to existing virtual machines, as this configuration change does not apply to existing virtual machines. Virtual machines created after the configuration change are not affected. The virtual machines will run correctly, but your are not able to access them via the console. There are three possible solutions to enable console access for existing virtual machines; disable TLS for VNC, restart the virtual machine or live migrate the virtual machine. TLS for VNC can be disabled by setting "nova_qemu_vnc_tls" variable to "0" in the "/etc/openstack_deploy/user_variables.yml" file. Changes in openstack-ansible 24.0.0..24.0.1 ------------------------------------------- 725d19bc0 Fix infra scenario repo server cluster b44b6d8f3 Gather additional facts for haproxy playbook f57d9983d Fix definition of ssl_protocol 027803010 Remove CI jobs for centos-8 147997cd8 Bump OpenStack-Ansible Xena 20d2ba990 Add Ironic-related bridges to AIO e1a067ab3 Fix rich version for ansible-lint b32678a5f Update notes on how to enable TLS for VNC Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 24 ++--- etc/openstack_deploy/openstack_user_config.yml.aio | 14 +++ .../openstack_user_config.yml.aio.j2 | 25 ++++- inventory/group_vars/all/ssl.yml | 2 +- playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 110 ++++++++++----------- playbooks/haproxy-install.yml | 4 + .../notes/vnc-proxy-error-c081c682cacec70e.yaml | 15 +++ scripts/gate-check-commit.sh | 3 +- .../bootstrap-host/tasks/prepare_networking.yml | 26 +++++ .../templates/user_variables.aio.yml.j2 | 2 +- .../templates/user_variables_ironic.yml.j2 | 7 ++ zuul.d/jobs.yaml | 64 ------------ zuul.d/playbooks/pre-gate-cleanup.yml | 11 --- zuul.d/project-templates.yaml | 13 --- 17 files changed, 172 insertions(+), 164 deletions(-) From no-reply at openstack.org Mon Jan 31 14:37:14 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 14:37:14 -0000 Subject: [release-announce] openstack-ansible 23.2.1 (wallaby) Message-ID: We are satisfied to announce the release of: openstack-ansible 23.2.1: Ansible playbooks for deploying OpenStack This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. Changes in openstack-ansible 23.2.0..23.2.1 ------------------------------------------- c2db3718f Fix infra scenario repo server cluster c722b7815 Gather additional facts for haproxy playbook a06cd7192 Fix definition of ssl_protocol c33deff11 Set infra_lxc job to centos-8-stream 1c59a829f Bump OpenStack-Ansible Wallaby 839f97ab2 Remove CI jobs for centos-8 7700ae53a Fix rich version for ansible-lint 8a7ceff3d Add nfs deployment scenario b27fe341d [doc] Clean out project index page for stable branches Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 18 +-- .../openstack_user_config.yml.aio.j2 | 5 +- inventory/group_vars/all/ssl.yml | 2 +- playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 112 ++++++++--------- playbooks/haproxy-install.yml | 4 + scripts/gate-check-commit.sh | 3 +- .../bootstrap-host/tasks/prepare_aio_config.yml | 3 + .../templates/user_variables_nfs.yml.j2 | 9 ++ zuul.d/jobs.yaml | 74 ++---------- zuul.d/playbooks/pre-gate-cleanup.yml | 11 -- zuul.d/project-templates.yaml | 26 ++-- 20 files changed, 229 insertions(+), 293 deletions(-) From no-reply at openstack.org Mon Jan 31 14:39:02 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 14:39:02 -0000 Subject: [release-announce] openstack-ansible 22.4.1 (victoria) Message-ID: We enthusiastically announce the release of: openstack-ansible 22.4.1: Ansible playbooks for deploying OpenStack This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/openstack-ansible Download the package from: https://tarballs.openstack.org/openstack-ansible/ Please report issues through: https://bugs.launchpad.net/openstack-ansible/+bugs For more details, please see below. Changes in openstack-ansible 22.4.0..22.4.1 ------------------------------------------- 9f0f3710c Fix definition of ssl_protocol 69ae9db95 Bump OpenStack-Ansible Victoria eee3e2b4a Add nfs deployment scenario 0c181a028 Fix rich version for ansible-lint Diffstat (except docs and test files) ------------------------------------- ansible-role-requirements.yml | 14 +-- global-requirement-pins.txt | 1 + inventory/group_vars/all/ssl.yml | 2 +- playbooks/defaults/repo_packages/gnocchi.yml | 2 +- playbooks/defaults/repo_packages/nova_consoles.yml | 4 +- .../defaults/repo_packages/openstack_services.yml | 112 ++++++++++----------- .../bootstrap-host/tasks/prepare_aio_config.yml | 3 + .../templates/user_variables_nfs.yml.j2 | 9 ++ zuul.d/jobs.yaml | 5 + zuul.d/project-templates.yaml | 9 ++ 16 files changed, 212 insertions(+), 67 deletions(-) From no-reply at openstack.org Mon Jan 31 15:01:44 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 15:01:44 -0000 Subject: [release-announce] manila 13.0.2 (xena) Message-ID: We are delighted to announce the release of: manila 13.0.2: Shared Storage for OpenStack This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/manila Download the package from: https://tarballs.openstack.org/manila/ Please report issues through: https://bugs.launchpad.net/manila/+bugs For more details, please see below. 13.0.2 ^^^^^^ Known Issues ************ * User specified scheduler hints such as "same_host" and "different_host" are stored as share metadata with keys such as "__affinity_same_host" and "__affinity_different_host" respectively. These can be manipulated or deleted by end users like all metadata unless prevented by RBAC policy. In a future release, the service will restrict the deletion or manipulation of these specific metadata items. Bug Fixes ********* * Fixed an issue during snapshot creation where a database error was being mishandled with dead code. See Launchpad bug 1475351 (https://launchpad.net/bugs/1475351) for more details. Changes in manila 13.0.1..13.0.2 -------------------------------- 3d812459 Set tempest api version config in devstack plugin 31f7c972 early return for _share_replica_update() if there is no active replica 720f6e3f Update admin, user and contributor guide c72c607e XENA release note regarding scheduler filters f96d6278 Handle successful deletion of snapshot if quota commit fails 967a6ded Modify docker instalation for fedora systems 0fb10e6c Drop non-ASCII character from manila config Diffstat (except docs and test files) ------------------------------------- contrib/ci/post_test_hook.sh | 17 --- devstack/plugin.sh | 18 ++- .../admin/shared-file-systems-share-networks.rst | 15 +++ manila/share/api.py | 5 +- manila/share/drivers/netapp/options.py | 14 +-- manila/share/manager.py | 19 ++- ...-only-metadata-xena-issue-91690edef7bc13aa.yaml | 10 ++ ...hot-if-quota-commit-fails-4d150bf0b71a2fd9.yaml | 6 + 11 files changed, 251 insertions(+), 29 deletions(-) From no-reply at openstack.org Mon Jan 31 15:34:01 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 15:34:01 -0000 Subject: [release-announce] keystone 18.1.0 (victoria) Message-ID: We high-spiritedly announce the release of: keystone 18.1.0: OpenStack Identity This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/keystone Download the package from: https://tarballs.openstack.org/keystone/ Please report issues through: https://bugs.launchpad.net/keystone/+bugs For more details, please see below. 18.1.0 ^^^^^^ Security Issues *************** * [bug 1901207 (https://bugs.launchpad.net/keystone/+bug/1901207)] Policy enforcement for application credentials has been updated to protect against invalid ownership checks resulting in unauthorized users being able to get and delete application credentials for other users. Bug Fixes ********* * [bug 1688137 (https://bugs.launchpad.net/keystone/+bug/1688137)] Fixed the AccountLocked exception being shown to the end user since it provides some information that could be exploited by a malicious user. The end user will now see Unauthorized instead of AccountLocked, preventing user info oracle exploitation. * [bug 1878938 (https://bugs.launchpad.net/keystone/+bug/1878938)] Previously when a user used to have system role assignment and tries to delete the same role, the system role assignments still existed in system_assignment table. This causes keystone to return *HTTP 404 Not Found* errors when listing role assignments with names (e.g., *--names* or *?include_names*). If you are affected by this bug, you must remove stale role assignments manually. The following is an example SQL statement you can use to fix the issue, but you should verify it's applicability to your deployment's SQL implementation and version. SQL: * delete from system_assignment where role_id not in (select id from role); * [bug 1885753 (https://bugs.launchpad.net/keystone/+bug/1885753)] Keystone's SQL identity backend now retries update user requests to safely handle stale data when two clients update a user at the same time. * [bug 1896125 (https://bugs.launchpad.net/keystone/+bug/1896125)] Introduced more robust connection handling for asynchronous LDAP requests to address memory leaks fetching data from LDAP backends with low page sizes. * [bug 1901654 (https://bugs.launchpad.net/keystone/+bug/1901654)] Previously, generate_public_ID() in sha256.py assumed the passed arguments is str data type. However, python-ldap 3.0 or later returns bytes data type for attribute values except fields of distinguished names, relative distinguished names, attribute names, queries. If keystone running on Python3 is integrated with LDAP and the LDAP server has local_id variable in its attribute, user login operations will fail due to the assumption and modifiation of python-ldap. By this fix, generate_public_ID() properly handles bytes data type in the parameter. Changes in keystone 18.0.0..18.1.0 ---------------------------------- 4063ad98e Fix typos in application credential policies 65c99d6ef Fix typos in ec2 credential policies f742fadef Fix typo in identity provider policies 4649fe6bf Hide AccountLocked exception from end users 5b7d4c80d Retry update_user when sqlalchemy raises StaleDataErrors 5b860e0b3 Support bytes type in generate_public_ID() 66c3bd8d2 Use app cred user ID in policy enforcement 665948998 Update TOX_CONSTRAINTS_FILE for stable/victoria 42faeb277 Drop lower-constraints job 6f93063ff Delete system role assignments from system_assignment table a26a40d44 Implement more robust connection handling for asynchronous LDAP calls 5680b482c Update .gitreview for stable/victoria Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 1 - keystone/api/users.py | 47 ++++++++- keystone/assignment/backends/sql.py | 5 + keystone/common/policies/application_credential.py | 4 +- keystone/common/policies/ec2_credential.py | 12 +-- keystone/common/policies/identity_provider.py | 8 +- keystone/identity/backends/ldap/common.py | 106 +++++++++++++-------- keystone/identity/backends/sql.py | 8 ++ keystone/identity/id_generators/sha256.py | 10 +- keystone/notifications.py | 2 + .../protection/v3/test_application_credential.py | 66 +++++++++++++ .../notes/bug-1688137-e4203c9a728690a7.yaml | 8 ++ .../notes/bug-1878938-70ee2af6fdf66004.yaml | 16 ++++ .../notes/bug-1885753-51df25f3ff1d9ae8.yaml | 6 ++ .../notes/bug-1896125-b17a4d12730fe493.yaml | 7 ++ .../notes/bug-1901207-13762f85b8a04481.yaml | 7 ++ .../notes/bug-1901654-69b9f35d11cd0c75.yaml | 10 ++ tox.ini | 6 +- 24 files changed, 352 insertions(+), 64 deletions(-) From no-reply at openstack.org Mon Jan 31 22:27:08 2022 From: no-reply at openstack.org (no-reply at openstack.org) Date: Mon, 31 Jan 2022 22:27:08 -0000 Subject: [release-announce] manila 12.1.1 (wallaby) Message-ID: We are thrilled to announce the release of: manila 12.1.1: Shared Storage for OpenStack This release is part of the wallaby stable release series. The source is available from: https://opendev.org/openstack/manila Download the package from: https://tarballs.openstack.org/manila/ Please report issues through: https://bugs.launchpad.net/manila/+bugs For more details, please see below. 12.1.1 ^^^^^^ Bug Fixes * Fixed an issue during snapshot creation where a database error was being mishandled with dead code. See Launchpad bug 1475351 (https://launchpad.net/bugs/1475351) for more details. * Fixed periodic_share_replica_update() to skip active replicas similarly to periodic_share_replica_snapshot_update(). The intention is to check on non-active replicas, that can be 'in_sync', 'out_of_sync' or in 'error' state. * When "cephfs_ganesha_server_ip" is not set, the current hostname is used as a default for such config option. The driver was treating this value as an IP address and trying to perform validations on it. The CEPH NFS driver will no longer treat hostnames as ip addresses and try to validate them as such. Changes in manila 12.1.0..12.1.1 -------------------------------- a5aecc22 Update admin, user and contributor guide f7376849 early return for _share_replica_update() if there is no active replica 9cf0afce Handle successful deletion of snapshot if quota commit fails cffad6fd Modify docker instalation for fedora systems c034ed19 Drop non-ASCII character from manila config 027e4cb5 [doc] Fix config and install guide for the generic driver c44108f9 Don't run periodic_share_replica_update() on active replicas 909d437f Adapt CephFS driver to do not try to escape export ip Diffstat (except docs and test files) ------------------------------------- devstack/plugin.sh | 2 +- .../admin/shared-file-systems-share-networks.rst | 15 ++ .../common/dhss-true-mode-configuration.rst | 17 +- manila/share/api.py | 5 +- manila/share/drivers/cephfs/driver.py | 11 +- manila/share/drivers/netapp/options.py | 14 +- manila/share/manager.py | 22 ++- ...hot-if-quota-commit-fails-4d150bf0b71a2fd9.yaml | 6 + ...c-task-for-active-replica-030a982af92f8a62.yaml | 6 + ...t-ip-escaping-on-hostname-e2866be32a8f5e38.yaml | 8 + 14 files changed, 453 insertions(+), 35 deletions(-)